Search This Blog

Wednesday, December 24, 2008

Tokyo Gore Police 東京残酷警察 Trailer

If you love Azumi and Versus, there is no reason you should skip this! Lots of blood, gore, violent and nudity!

Monday, December 22, 2008

Live Messenger 2009 is out!

Yes, its true and final. Download it at :

Well, if you hate advertisements like me, you will probably want to "patch" your messenger with A-Patch:

Its a pity that is still far behind the patching. I like that better.

Tuesday, December 09, 2008

What I do for a living (The Good)

Often it is I get this question. Or rather message since most of the time people just ask for asking. They did not really expect much of an answer. While many of my peer will probably make up lies and say things like I work in Consultancy or IT services, which in effect is still technically correct. One night while chatting on IRC and I gave that answer again, I really feel myself to be some what hippocratic

The fact of life is I HACK. The word has been colorized by far too much movies and negative reports. Well, not that it is not what it is, but the differences is some people do it with permission while others do not. I kinda belong to those who had the permission. But that certain do not make you a white hat automatically.

Really? Ya, that what I get if I used the above answer which is why I prefer to say Consultancy or hell even I work in McDonald's sometimes. The client give me an application, I break it apart and tell them what I can see inside. The client give me a website, I hack into the accounts and demonstrate to them what damage can be done. If you think that sound cool, good for you. 

At some point of time, I almost felt there is no more challenge out there. In terms of network, applications almost every single one has some problem one way or another. But then again, nothing is perfect. But that what I do for a living. Its nothing like in the movies, where you disarm crazy looking security systems to save millions of lives or prevent the SDI satellite from starting WW3. It is just not that.

While it sound fun to uncover security problem and help clients fix them before millions of dollars are hacked out by people from the dark side. The result is unseen. That makes my job looks like nothing had happened although no news is good news in this case. Therefore you can see not many people require this type of services. Most do because it necessary by law or its better to do so that you do not need to take the fall if something happens. People who truly believe in the value is few that I had seen.

So, I guess the next question is I lost my yahoo account, can you hack it for me? I want to see if my girlfriend is dating someone else, please hack her Facebook for me? Ya, I get that all the time. I guess the main difference of the good guys and the bad guys is both knows how to do it. Just that the good guys do not exactly do it. 

So, will I hack you? Nah, being mercs as ever, I do not do anything for free... haha :) Just kidding. I am suppose to be the good guy right?

Monday, December 08, 2008

Thursday, November 27, 2008

Install Fedora 10 on Virtual PC 2007 SP1

The graphics mode pretty much does not work, at least for me. The whole installation was done in Text mode. This is weird because I remembered I managed to get it working in Fedora 9. In any case, to make the WORST happens, I installed everything, which WAS a mistake. The sensible thing to do is to NOT select virtualization. The reason being it doesnt help much in a already virtualized environment. Unless someone has a paper which prove me wrong about VoV (Virtualization on Virtualization).

Ok, I will only flag out the hard part, the rest is standard protocol. 

For the file system, it may make sense to use a normal non-RAID partition because in the VM, there should not be any performance improvement (or rather its probably going to cause performance issue). So, what I did was a simple 1 x swap and 1 x ext3 partition. If you free you want to secure your /boot, you can split that out too.

The rest goes as per normal. After the reboot, you will realized you see nothing (or some garbage) on the screen and cannot see anything. To fix this, you have to get into grub menu. Edit the kernel... line adding "vga=0x32D" at the end. That should allow you to boot up into text mode at least.

Now once you are in text mode, you will want to fix this once and for all. Go to /boot/grub and change the menu.lst according with the vga=0x32D on the line.

You will also notice the screen is huge and its not very friendly for some of us using a laptop with tiny screen. To fix that, you will need internet to install some modules. Once you confirm that internet is up, do :

yum install system-config-display

and then after the installation, run :

system-config-display --reconfigure

You X should now run properly in whichever resolution your choose. The rest, should be easy.

Wednesday, November 26, 2008

Afterdark Horrorfest 3

The 8 films for the Afterdark Horrorfest 3 is confirmed as:
  • The Broken
  • Slaughter
  • Perkins 14
  • Butterfly Effect : Revelation
  • From Within
  • Dying Breed
  • Autopsy
  • Voices

Publishing source codes onto Blogger

You cannot imagine how bad it is... All your lines gone, errors on symbols etc...

Fortunate for you, I had found something that converts all the special characters for Blogger because I was trying to make my previous entry.

You can use this online convertor to convert your source code for publishing on Blogger:

List to Range in Excel

I know that range means something else in Excel, what we are talking about here is making a list of numbers into a list of ranges. For example, we have :

1 3 4 6 8 9 10 14 15 19 20 22

Imagine we have this on the first column of an Excel sheet. What we want on the second column is:

1 3-4 6 8-10 14-15 19-20 22

Sound dead simple right? Ok, maybe you can skip reading this then. While its sound simple, it took me 15 minutes after a cup of 7-11 Slurpee Brainfreeze to write this :

Option Explicit
Sub Rangemaker()
    Dim i As Long
    Dim col As Long
    Dim sRow As Long
    Dim wRow As Long
    Dim seq As Boolean
    Dim LastRow As Long
    '  speed
    Application.ScreenUpdating = False
    '***begin change***
    'init start row: CHANGE TO SUIT
    sRow = 1
    'set column to put results on: CHANGE TO SUIT
    col = 2
    '***end change***
    'get last row of data to process
    LastRow = Cells(65536, 1).End(xlUp).Row
    'init dest row
    seq = False
    wRow = 1
    'do all rows from sRow
    For i = sRow To LastRow
        'see if next row is continuous
        If CLng(Cells(i + 1, 1)) <> CLng(Cells(i, 1)) + 1 Then
            'Not Continous
            If (seq <> False) Then
                'is part of a seq
                Cells(wRow, col) = Cells(wRow, col) & " - " & Cells(i, 1)
                wRow = wRow + 1
                seq = False
                'is not a seq but single number
                Cells(wRow, col) = Cells(i, 1)
                wRow = wRow + 1
                seq = False
            End If
            If (seq <> True) Then
                Cells(wRow, col) = Cells(i, 1)
            End If
            seq = True
        End If
    Next i
    Application.ScreenUpdating = True
End Sub

Lets run through this a bit. I had added in as much comments as possible. Basically, you can play with 2 variables for your need.
  • sRow which is which row to start making the range.
  • col which is which column the result will appears.
Basically, it checks through each row and the next row and see if they are in continuous sequence. If no, then check if its already part of a sequence, which you should end with a "- ", otherwise then its a single number. If its in continuous sequence, you set some variables and continue.

For those who like insult to injury, to do this in Perl, its simply :
@a= (1,3,4,6,8,9,10,14,15,19,20,22); 
print num2range(@a); 
sub num2range {  
local $_ = join ',' => @_;  
return $_; 

Original idea and post:
Perl code was found from:

First it was Bear Sterns. Then AIG. Then Lehman Brothers. I think this is the beginning of the end? Althought Citibank will survive for now... But only time will tell...

Tuesday, November 25, 2008

Why RAID 5 stops working in 2009...

Somewhere in July 2009, this was one hot topic that caught my eyes, but I did not care because WHS has a simply, cheaper and more advance way to manage drives then RAID. But it turns out that by mahtematics, ya Q.E.D so to speak, if a 2TB drive in a 12TB RAID 5 config goes KO. Then that will trigger a rebuild. And based on the 6 remaining SATA drives, the error rate is 100%. Therefore you cannot rebuild the RAID array. All 12TB gone. Thats the simple version...

I think the importance here is to stress that BACKUP and RAID are 2 different thing. You should not do without BACKUP, even if you have RAID, which in general is a good and sounding practice. What? Your company don't do that? Then you should quit before 2009 (or upgrading to a 12TB configuration) before shit is on your hand as per say. :)

See the original post and flaming all over in:

Monday, November 24, 2008

Pointsec Virus Protector

Following my previous concept on how a rootkit can be protected on the HDD of a laptop, this idea can be extended thanks to another product call Pointsec Protector:

Basically, this encrypts your USB / External flashdrive, HDD etc. Which in this article, I will conceptional talk about how this can be used to protect the virus in transit. 

Imagine a virus extension of the rootkit. It can be transmitted onto an external device. So we have some USB flashdrive, which in this case is protected by the Pontsec Protector. So the virus is injected on the flashdrive. Now typically, we should be able to scan the USB flashdrive in a clean environment such as Linux, but because its protected by Pointsec Protector, this is not an option here.

So, how about when it get plug into another Windows system? Well, if that windows system does not have the Pointsec Protector software, the virus is safely protected inside. Well, in the case it is. Then doesn't the host based antivirus picks it up immediately and wipe out our virus? It depends. There can be several ways to go about it. One way is to inject itself immediately into the Pointsec address space. That makes it hard to kill and most likely the antivirus will have to take the Pointsec down with it. Then it still leaves our virus intact in the USB flashdrive. However, this technique is not easy at all. Another way is to inject the rootkit immediately so that while the antivirus spends it time cleaning the virus (if it doesn't block it first), we 0wnz the system first hiding its trace. 

As you can see, the encryption here provides it a mechanism to transport the virus straight to the target. The only defend left is the target host based anti-malware. I suppose modern day malware has easily overcome this problem. In the case where the malware does not detect the virus at all, then its game over for the system. However, if in the first scenario is possible, then a virus which is able to target the encryption mechanism, it will provide a more foolproof entry into the system or at least it will disrupt the anti-malware's attempt to clean up the virus. No decryption, no cleaning. 

Conceptional, I believe this is possible. And the impact can be much more serious than to rootkit a hypervisor because of the vector of attack. 

Corporate Windows Update

While corporate spent tons on getting their system protected by anti-virus, IPS/IDS and firewalls, its the very fundermental that they overlook much very often. Yes, I am talking about Windows Update or Microsoft Updates. There is no doubt why the update services is often blocked by the corporate policy is due to a need to test updates before deployment. The excuse that it is not compatible with some of the software is lame in my view. If it is so, that piece of (crap) software should be updated or thrown away. People makes patches to make things work. They do not avoid patching just to keep it working. That's precisely the phase :

"If it's not broken, don't fix it!"

Well, I do not know if I had mentioned this before, but the weakest link on my network was my company laptop. It has easily 20 high findings just after scanning for 5 minutes with a commerical vulnerability scanner. Well, you also notice I use the word WAS. It is no longer. 

There are times that certain updates are necessary. For example, you had needed XML DCOM or MSSQL for some project. But you are then not allowed to update these component after you installed them. This will be the time to ask. Do you want to go as far as to "break" the corporate blocking of the Windows Update? If not, you can do what I do. Prohibits the stupid laptop from connecting to your network. That's one against working from home.

But if you figure to yourself: "Ya hell just do it!". Here is the solution.
Create a registry file (with extension .reg) with :

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess] 







[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



Save it and run it. Of course if you are hardcore enough, you can manually edit these registry. Make sure you make a backup in any case. There is also a file which is done up so you can download and run it from : Link

Well, happy updating.

Thursday, November 20, 2008

Truecrypt 6.1

This must be old news to many of you, but Truecrypt 6.1 is out. This is a file / disk based encryption software. I had a previous complain about the default settings (where you click next, next, next, install, oops, OS screwed up...) where they disabled the swap file. This is truly undesirable and cause a hell to troubleshoot because its hard to know where problem starts especially when you do not know what exactly happened.

Anyway, they got this right this time.

Download it at:

Wednesday, November 19, 2008

Pointsec Rootkit Protector

This is exactly how encryption can backfire in a corporate environment.

Basically, it applies to all the disk based encryption, more especially on those which cannot be reversed. But I decided to mention Pointsec because this is where I got it working. Most company will encrypt the whole disk especially in banks, military agencies.

Next, we have a concept rootkit, which should be fairly powerful to mask itself from all if not most conventional anti-malware. We can assume in a "perfect" environment where if the rootkit is loaded, it cannot be detected in the same environment. So as long as you have the OS running with the rootkit installed in Ring 0 layer, you are screwed so to speak.

Traditionally, in this case, we would attempt to remove or disable the malware by booting it up with an alternative environment such as WinPE or Linux. Then we can perform a scan on hte FAT/NTFS and wipe out the rootkit. Now, this is where it get tricky. Because disk based encryption is used, there is no way an alternative environment will be able to see the files on the infected Windows. So far I have only encounter Microsoft's Bitlocker which can be decrypted. And in this case, it is possible to remove the rootkit after decrypting it.

By now, I think you can figure out what I am trying to say. The only way to wipe out the rootkit is to destroy the whole encrypted partition. And as long as the partition is still encrypted (in my case using Pointsec), there is virtually no way to even read the partition using another OS. In a way, Pointsec protects the rootkit from being isolated and destroyed. That is in the first place if someone even figures out that there is a rootkit in place.

Where this can be applied? Well, almost everywhere where company can afford to have all their laptop encrypted and pay enough to acquire a really god rootkit. The company can effectively spy on their employee and perform logging or auditing services. And even if the employee finds out, there is nothing they can do. Well at least in countries where privacy is not protected by law.

Ok, I am not going to leave my contact here, but if you think your organization requires such a services, drop me a comment. :)

Microsoft to offer FREE Anti Malware in 2009 codename "Morro"

Read about it here:

In short. Onecare will be discontinued in June 2009 for sale at least. By then, I would expect that Morro will be available in Beta. So, if you did not pay for Onecare, you won't need to for Morro either.

I cannot say how good this may be because it is likely Microsoft will strip off the additional functions such as tuneup, photo sharing, backup etc. So, it may be a give and take thing.

The only advice I can give for those who are facing expiry of their subscription soon: Renew of switch to a new Anti Malware first. Morro will be a while. If your expiry is far, go on with it and wait. By Spring 2009, I will expect a beta of Morro to be available.

Monday, November 17, 2008

D-link DIR-655 Firmware 1.21 with USB support

Read all about it and also about the Secureport managed services which is slammed on several places including Slashdot :

The changes are as stated on their support page:

Anyway, what they did not tell you is that there is a official firmware 1.21 which does not contain the Secureport function and you can download it at:

Thursday, November 13, 2008

Umi no Tririton 海のトリトン OP、ED

Used to love this song and I remembered I even watched this in Malay... Was a little sad near the end when his dolphin died, but its a great story for its time. And guess what? Same artist and 3 eye kid and Astroboy.

Gatchaman 2009

Teasers and photos :

Wednesday, November 12, 2008

Factory Farming

Here is a video about factory farming which I urge you to watch, but not after a full meal. It contain some pretty cruel footage and that really makes me rethink about supporting the meal industry in this way. While, this video mentions about the Christian faith, I believe it should be a universal belief that we should not have the right to ill treat other living beings even if they eventually end up as food.

Monday, November 03, 2008

YSMenu Oct 2008

In case you are wondering what is this. We all know that R4 for NDS has stop developement for quite a while stuck at V1.18. Even the NDS code manager recently has been giving me problem updating the cheat list. There is a R4 SDHC and I am very sure just using the firmware is not going to make your R4 into a R4 SDHC. So, here is one of the shell I tried.

YSMenu is basically japanese and to make the firmware and files for the NDS requires a hell lot of steps. You can read all about it at :

but I had save you some time by prepaing it and patching it with the DSTT firmware from :

And to make it all right, I added the cheat list as of 28 Oct 2008. In addition, I even throw in the GBA/GBC Emulator into the package.

So, with all these works put in, tell me why you will not download this for a shot on your NDS R4?

Grab it at:
YSMenu Oct 2008

PSP Slim 5.00 M33-3

Yes, its time to do the 5.00 M33-3 update now. Its plain simple. Just unpack it to the root of your memory stick and patch and reboot. Tada, its now 5.00 M33-3.

BTW, you need 5.00 M33 in hte first place to perform this update.

Download 5.00 M33-3 here:
PSP 5.00 M33-3

PSP 5.00 M33 0xFFFFFFFF PSX Error Fix v2

This is the trickiest of the installation for 5.00 M33. Ok, make sure you are not connected using the USB connection menu. Exit that menu if you are. I have to presumed you had flashed 5.00 M33, because this file is patched on top of that firmware. What you need to do now is :

1. Press and hold [Select]
2. Change the USB Device to Flash 0
3. Exit

Now activate the USB connection menu. Go to this new weird drive. If you cannot see "KB" folder, make sure you unhide system and hidden directory in your Windows. Now, extract the package you download here to the root of this drive. Safe remove the drive and exit USB menu.

Repeat the above steps, but set it back to Memory Stick. You have just flashed a file into the firmware and this patch is done.

Download the PSX fix for 5.00 M33:
PSP 5.00 M33 PSX Fix

Basically, just for the fun of it. I heard that Popsloader still does not work properly and PSx seems to be a big problem in 5.x firmware. So, if you are a hardcode PSX gamer on PSP, I would suggest skipping the whole 5.00 M33 until I say its good for PSX. :)

Lastly, why this is v2, apparently, v1 doesn't work so well.

PSP Slim 5.00 M33 Savestate Plugin

Here is the usual savestate plugin for the PSP 5.00 M33 firmware. There is the readme.txt file in the root directory explaining how to use this plugin. The directory has been prepared for you. But before you go ahead and unpack it all to your root of the memory card, I would like to have your attention to the game.txt inside /seplugins. You will need to modify this file if you have other plugins. Basically, you need to include this line into your existing game.txt if you already had one. Otherwise, plain and simple, unpack them and enable it by holding your R button and do a cold reboot.

Download the PSP Slim 5.00 M33 Savestate plugin:
PSPS 5.00 M33 Savestate

P.S. I do not need to mention that this only works on firmware 5.00 M33, I hope.

PSP Slim 5.00 M33

If you follow my blog, you should know my updates are usually very slow. The reason is I usually prefer to only post updates which I am confident and tested. So, here is the 5.00 M33 release for so long. There is 3 parts to this update. It consist of the core 5.00 M33 firmware, 1 bug fix for playing PSX game having 0xFFFFFFFF error and the usual savestate plugin for 5.00 M33. Nevertheless the 2 are optional and if you do not use them, you can do without. Therefore, I had post them separately.

Here is the Core firmware. The usual applies. Unpack it to the root of your memory card as all the directories has been created for you. DO NOT FORGET TO PRESS O TO REBOOT AT THE END OF THE FLASHING!!! Or you will brick you PSP as usual.

Download PSP 5.00 M33:
PSP 5.00 M33

Sunday, October 26, 2008

Hack in the Box 2008

After 1 year of lapse, I will be going again. Well, not presenting this time too. should had prepared well if I wanted to. anyway, it will be a whole week burned there. I miss some of the best things there like good food at Ka So etc. This time its held at a different location and things are very different.

For full details on what will be presented, check out the HITB website at :

Its pretty obvious I will be stuck in Track 2 because the first one from Track 1 is from Oracle. Of course, other reasons are the speakers from Track 2 are my usual favorites.

Anyway, if you are there at HITB, I hope I can meet you there for a chat. See ya there!

Microsoft Windows RPC Vulnerability KB9358644 MS08-067 (CVE-2008-4250)

I seldom have to nag about a Windows Update. This one is an exception. The reason being that it affects a large amount of machine and many of which are still the popular choices around like Windows XP and 2003. The outbreak, if it happens, can easily match that of the Slammers or Code Red. This is the only reason why I STRONGLY urge everyone reading this to make sure this update is put in.

Another reaon is probably not a good news. The bad guys beats us to it again as usual. There had been signs of attacks based on this exploits in the past 2 weeks and in fact now, there are 2 known trojans (info collector so far) which made use of this exploit. This exploit is serious enough for Microsoft to issue a special bulletin in their security software which reminds the user to update their machines in order to avoid infection.

So, can you please do this upgrade if you have not on 24 Oct 2008. You can download the files directly or use the normal Windows update to get this patch.

For a more detail FAQ :

Sunday, October 19, 2008

科學小飛俠 ~ 日文版

And here I present you the original version in Japanese with enhanced graphics comparing the 80s and the 90s version.

科學小飛俠 ~ 台灣版

This is a very very rare OP version of the anime Battle of the Planets / Gatchaman / Science Ninja Team. This is the Taiwanese dubbed edition.

Tuesday, October 14, 2008

Russian Company manages to break WPA/WPA2 100 with GPU

Using GPU to help in a distributed attack on the WPA / WPA2 keys, days or at most weeks is all it take to break the WPA key now...

Is this the beginning of the end? Even when 802.11n is still in draft, WPA2 is dead?
Read all about it :

風暴 - TVB 少年四大名捕主題曲 完整版 ~ 林峯 吳卓羲 馬國明 陳鍵鋒

Audio Only

風暴 - TVB 少年四大名捕主題曲 完整版 ~ 林峯 吳卓羲 馬國明 陳鍵鋒
曲:鄧智偉、葉肇中  詞:鄭櫻綸

林 峰:
曾為你心碎過後 長痛承受

如若你走盡頭 痛恨似在一生左右

風雨中 背叛裏似失控
當日我怎付出 才像惡夢

飄泊中 背負了有多重

合 唱:
為何尋覓總可感到 渺無尺度
為何沉默只可能得到 烈變風暴
誰人曾被風急輕掃 也留記號
烈變風暴 再度

林 峰:

難避過創傷苦惱 悉緒的霧

風雨中 背叛裏似失控
當日我怎付出 才像惡夢

飄泊中 背負了有多重

合 唱:
為何尋覓總可感到 渺無尺度
為何沉默只可能得到 烈變風暴
誰人曾被風急輕掃 也留記號
烈變風暴 再度

誰人曾被風急輕掃 也留記號
烈變風暴 再度

Tuesday, October 07, 2008

Slayers Revolution

After many many years of waiting, Slayers is finally back! Yes, and Season 4 named Slayers Revolution is completed as at episode 13! Here is the OP and the ED for your viewing pleasure!

And yes, the next season will be Slayers Glory!

Monday, October 06, 2008

Tuesday, September 30, 2008

Who killed Server Rabbit? Finale

The root of the cause was right there. How could I had missed it? Both the servers were hardened and rebooted on different dates due to the Windows Update. I got hold of the details of the hardening and released that due to the inheritance properties, the hardening of the permission in hte registry has been perform on the "service" branch instead of the individual services. Several critical roles such as "Power Users" were actually removed as part of the hardening processes.

Now, take a step back. So what? I still ahve admin running and it was not working when I log in as admin. The reason being even if you are admin, it does not mean all the services are run as admin. Some of them are still run as other roles and these role unfortunate to say happens to be one of the removed one!

My gut feeling this was the root cause. I checked with another working server / workstation and restored the deleted roles into one of the Server Rabbit and ta-da... Everything was working and kicking again. Actually as long as RPC service is up, I pretty much knew I hit it.

Well, here is the aftermath of the whole incident.
1. There are malware found. Incidentally, this means the malware protection is not enough. Even if this time the malware did not take it down, sometimes in the future, it will.
2. There was no backup. Having a good snapshot / backup will save the situation and minimize the downtime required to recover the whole problem.
3. There is not enough documentation. This applies to logging as well. If there logs and documents are properly put in place, the whole incident could had been easily tracked simply from the look of the documentations.
4. There is insufficent training. While its a good idea to have some of the admin learn how to harden or improve certain functions, it is always good to provide the admin sufficent training to do so. With proper training / certification, the admin would had avoided the incident.
5. Access control was not properly inplemented. The sharing of accounts had made the whole investigation a nightmare. If individual accounts were used, combined with properly logging, it would had provided the information who made some change at what time. This could had greatly help the investigation.
6. Logging is the last time that I felt was missing. In terms of the firewall, IDS etc. If proper logs were generated, I would had concluded whether this was a security incident or not from the very start based on who has accessed the server etc. Of course lets not forget the golden rule that if a machine is compromized, the log is as good as none. Therefore logs from hardware boxes (which is probably not the target of the attack) is greatly helpful in determining whether a real intrusion has taken place or was it simply a misconfigureation or software corruption.

I am glad this was not my day in day out job. :) Well if it is, I am hell not getting paid enough for this. :)

Thursday, September 25, 2008

Samsung Omnia / Orca Firmware HH3

Its out! Finally. While a HI3 is already leaked, the official ROM is not at HH3.
What are you waiting for? Grab it at :

CWCheat 0.22D

Its been a while since I updated this. Anyway, same drill. The latest (as of 25 Sep 2008) GameDB is loaded in. This is a package for the PSP Slim. Just unpack all to the root directory of your memory card of your PSP. Take note of the few *.txt file. If you have other plugins, you may want to manually edit them in instead of replacing it. Especially GAME.TXT, if you are a big fan of mine, then you will probably have the USB Charge and the Save state of the 4.01 FW.

Here is the download :

Sunday, September 21, 2008

Yet another 8 films to die for

The Horrorfest 2009 is back! Jan 9-15. 5 of the films has been announced. Check them out at :

Highly recommended for horror fans!

Friday, September 19, 2008

Who Killed Server Rabbit? Part 4

The RPC service is critical for Windows function and I dare say nobody can do without it. If there is no way to enable it, the server is pretty much dead. Most things will not function and I suspect the GUI errors and the network, users and other symptons I had seen was probably due to the fact that the RPC service is down.

So, my aim will be to find a way to restore the RPC service. If I tried to restart it, it gives me an error 5 that access is denied. Well, that even happens to me as an administrator. At that point of time. I failed to see the point that although I am logged in as the administrator, it doesn't means that everything I run, I run it as an administrator. This was later found in the service control panel under the run as section.

Based on some of the suggestions, RPC service should be ran as Local System instead of Network Services. I tried changing that, well of course I can't change it in the service control panel since the properties is down. So, I had to do it the caveman way by editing the registry. This is one reason why normal users should never have write access to the registry. If they can change the registry, they can control anything they want.

I rebooted and hope for the best. The best was not good enough. The server was still pretty dead. Neither the Local System or Network Services ran RPC service properly. Now, how could someone had changed the permission such that even the defaults accounts could not run it?

By now, you may have some idea what actually went wrong. But I was pretty certain this was not a security incident then. It could had been a bad patch or some wrong configuration that cause the problem. But why only these 2 rabbit server? What similarity do they have? Ok, one of them were killed right on Sep 11, but that doesn't explain the other one. Neither did the patches, they do not even contain 1 single similar patch. OK, except the malware removal tool Sep, but if that was the case, millions of people out there would had scream out loud.

I was certain I was close... but not close enough...

Who killed Server Rabbit? Part 3

The weekend was not very fruitful because there were other temptation and Assassin Creed also look pretty cool on a 9600GT. Anyway, the logs looks pretty normal and there was no sign of an external attack. Maybe its time to consider an insider job after all.

So, I took one step back and take a look at the records. So far, I notice the passwords had been changed recently and whoever did left the company would not have access to it. So that rules angry ex-employee out.

The VPN was a connection to another site across the globe. The sole purpose was for replication only. And by that, nobody will log in to the server. The channel was also encrypted. So, unless the machine on the other site was infected, its highly unlikely something could had came in through the VPN. And moreover, the VPN is only on one of the machine, not the other. The 2 machines were on seperate network which could not reach one another either. So not possible to infect via the network. Thumbdrive, maybe, but that's restricted only to some of the staff and highly unlikely anyone was there on Sat and Sun where the first server rabbit went down. So, this is out too.

I am almost at my witts end. Then I had to go around and drink coffee with the rest of the staff to find out what they had been doing, any progress etc. One thing caught my mind. They were in progress of hardening the server based on Microsoft Best Practice. Well, at least they started to.

Giving there were no other choices, I feel this is one possibility that could had went wrong. So, I had the staff show me what was performed. One of them was undoubtly the auditing, which we can safely ruled out as an attacker's trick to clear the log. Then there was also some tweaks so restrict the user's access to the event viewers and some other services. I probably did not need to know the details, but the mention about services has brighten my way a bit.

I went back to the rabbit servers and check if the services were up. My hunch was right. There were barely any services running. I tried to manually start some of the services but were met with a permission error. I run some quick check on the internet and found more than 10 ways to solve it, but none of them worked. At this point of time, the staff has already begin to repair server rabbit 2003 by a in place reinstall of the files using one of the cloned drives.

I knew my time is running short and I had to quickly nail the problem. Looking at the services tab which has a block of GUI error, I suddenly saw one critical service was not up. I knew I had hit the jackpot. This was where the problem began....

Who killed Server Rabbit? Part 2

It was patch Tuesday again. Microsoft released some really serious looking patches who nobody can say no to. What nobody expected was another murder right in the morning on Wed. Another dead server rabbit 2003. The scary part was... the symptons were the same. No network and user control panel. Services panels no properties and some GUI errors. Again network was dead.

Now, it really doesn't make sense for someone to attack a good machine and not ownz it, but kill it. I took a quick look at the network architecture and I notice this time, that the 2 machines were on different network. One of them were not directly accessible from the outside, except through a VPN tunnel. This make the whole situation even more creepy because if this is a outsider job, he probably has a VPN access.

In any case, the 2003 rabbit was cloned with encase and quarantined. Now I will have to do some serious debugging. Some of the blame flew to MS's patches. I took a look at the 2 new patches applied to the 2003 rabbit. One was serious, the graphics file format attack. I know its possible some site could had actually created a 0 day attack and maybe the server rabbit was just stupid enough to stumble upon it. But highly unlikely. The other patch was the standard once per month malware scan by Microsoft. While I wasted some time on the server rabbit 2003, it finally hit me that I should take a look at the server rabbit XP and see if these patches make sense. Well, the unfortunate case was that it didn't. The XP has around 20 patches. Well, at least 20 patches since the last reboot. This rabbit was not put on a regular reboot routine. All the patches were put in place, but not in effect until it got reboot. This is in general a bad practice as the patches are not effective and when shit happens, it is really hard to tell which patch is the one causing the problem.

Without better options, I scanned again with the same malware tools, hoping to find some similar malware that could explain the situation. The fact was, its clean as ever. Either the malware tool was useless or we are facing a serious 0 day malware.

Next, I examine the logs, which fortunately was not 512KB only. This time audit was also kicked in, but at least some logs make sense. I also extracted the WindowsUpdate.log which details the installation of the patches from both the machine's Windows directory. With these logs, I am looking at a really gloomy weekend...

Who killed Server Rabbit? Part 1

On the dark night of Xth Sep, something took place because right on the first thing in the morning of the Xth+1 Sep, we found server rabbit dead. Network control cannot be accessed no more. We tried checking users accounts, nothing turns up too. Right click on various properties in event logs and services, totally nothing. Not even a box.

This was how it all started. We were pretty sure something killed our rabbit server XP. But what? First thing, I checked the log. Emm. It was a fantastic 512KB for each of the 3 logs and it was flooded with audit info. No luck. This could has been a really clever trick to wipe the logs. Change the log size and turn on excessive audits. If someone did it, he is pretty creative.

Althought the users control panel turns up empty, I was able to check it using the Administrator tools, manage computer section. No additional users of funny priviledges. So that's safe I thought. If anything was compromized, its one of these legal accounts.

The next thing I checked was the network connection. I found that it was down. At least it seems to be. Nothing seems to be able to connect out or coming in. This is weird. If I am an attacker, I wouldn't bring down the network because I would want to come back again. Well, it could be just a bad hacker.

So, maybe lets find out what he used to kill the server. I run a few malware scanner on the machine. Well, after we did a clone with encase anyway. In case we need to perform forensic on it later. Well well, a few BHOs and trojans turns up along with a couple of adware registry. Nothing serious. Well except for the trojan which keylogs some potential sites, but I doubt anyone would be using this machine to do internet banking anyway. So, I gave it a clean up and rebooted. It's still dead. Either the malware did some permenant damages or we simply did not manage to find the cause. In any case, the HDD was quarrantined and the data was restored from a mirror.

Since I had a cloned drive to test with, I tried to run sfc /scannow and restore the critical system files. I thought some of the files were replaced, but even with this, the server rabbit was still dead after a reboot. Its either that the files that was damaged were not critical files or the sfc was not able to fix the files but kept quiet about it. In any case, the HDD was taken offline and kept securely. All network were unplugged from the server until they can get the server up and running again in the coming week.

Little did I know that this was only the beginning...

Good riddance to bad rubbish ~ SingTel

While I made my request to cancel my line to SingTel, I was told this will take place in 3 days time... I wait 1 week and the line was still active. So I called up again. This time I can't be bothered to wait in the queue which took like 45 mins. I just used one of the I lost my phone or something options to get an operator. I explained the situation and guess what? They notice it was not being processed. Then they tried to hold me back from cutting the line. The proposed a SPECIAL package which is only $6 / month. Emm... What can you get for $6? Well, nothing except 15 mins for airtime... so that whoever call you, you can still tell them you changed number. Lets do our maths and you will notice thats like 20 cents / min. Luckily I passed my maths. This is a really stupid plan as their last attempt to con my money. Without anything free means you will need to pay $5 for CallerID as well. Now, I told them plain and simple. CANCEL. I wont even want to explain why I am so fed up with them or how they had fcuked up over and over again for me. A quick answer, the operator say he can make a new request and it will be cut off before end of the day.

Now, doesn't that makes you wonder why they told me it requires 3 days to cut off in the first place? Anyway, I think I don't mind paying a bit more, but definitely I stay off the Evil Red company for now.

Tuesday, September 16, 2008

Microsoft Dot Net Framework 1.1 SP1 for Vista

I do not know if Microsoft is aware of this, but Dot Net Framework 1.1 simply will not install on Windows Vista without SP1. And there is no package with SP1 integrated out there. You will have to installl the vanilla 1.1 then perform a upgrade to 1.1.

There is a page that will show you how to extract the files and patch it before installation here:

Well, you do not need to do that anymore. I had decided to slipstream the whole package so that it can be installed directly on Windows Vista.

Simply download the package below, extract all of it. Then just run netfx.msi.

Monday, September 08, 2008

Beware of the SingTel Shop scam!

Yes, althought seems really like a real shop, its a black shop. Look at what happened to me. I sign up, made the payment. Then they called me, told me that they cannot honor the purchase and slam the phone.

Guess what? They already charged to my credit card! I called and they insist they will not honor the purchase and will not send the phone to me.

Tell me if this is not a scam, what is?

I strongly advise anyone to think again if you are really buying from Or in the first place, does SingTelShop even belongs to SingTel? they have such differences in prices. For all you know, this is a phishing site!!!

Anyway, I am going to call my credit card company to cancel the purchase.

Singtel fcuks up again!

I am a bit boilling to talk abt the whole incident, but I would like to archive the letter to Singtel here. I will talk about it in another post.

To singtel :
I had placed an order 100****** online because I wish to avoid the queue at the shop. I had followed all the intruction, scanned the student pass for the student line etc, However, next working day I got a call to say the order is cancelled!!!I was told that ST cannot honor the signup done online and I had to do it at the Hello Shop? WTF? Then why have at all? It even wasted mt time to scan and upload the image!
Then I checked at the HelloShop... The price of the handphone is doubled!!! Why do you published price which you cannot honor at all? You had totally wasted my time and my opportunity to sign up with SH or M1!!! If you so desire to do so, you might as well put all your phone at $1 on since you cant honor the pricing anyway!

Sunday, September 07, 2008

Goodbye Xiao P

Xiao P has past away on 2nd September after he was with me for over 2 years. I would estimate he lived about 2 yrs 3 months at least which is already far longer than an average pudding. He was still ok 2 night before when I played with him in his playground and I gave him a lot of his favorite food. He was still digging through them playfully.

Then the night before I saw him lying down weird. I knew the day was finally coming. After giving him some honey water, he seems better and he seems to do his very best to run around just to show me he is ok. What makes the whole thing even more sad... I comforted him and transfer him to somewhere quiet. Then after a while he slept peacfully and quietly. I couldn't sleep that night.

At about 5am I woke up and he was still and starts to harden. I did what I had to and give him a proper buiral.

I will alwasy miss you Xiao P. I have to stop here...

Facebook DoS PoC

An Facebook app call Photo of the Day :
demostrated a PoC of how Facebook can DoS another site. This app basically in short show 1 photos from National Geographic. But downloads 3 more huge files from somewhere else. Or for that matters, you can do upload, posts, requests or whatever you can imagine using hte Facebook API. Effectively, all you need is millions of people to sign up your app, then when they log in, they become your botnet to DoS someone.

For example, I can up my site counter to millions easily by creating a bogus app that gives free paypal money when you refer someone. Of course on the side line, I can con some paypal accounts as well. :) Then I can make a hidden read to my site in the app and not disaply it. Once millions sign up, millions will visit my site. OK, shake this off your head. This is a (C)Copyright idea... Hahaha. Seriously, its that simple. Make you wonder why it hasn't happen yet. (Or is has... We just did not hear of it)

Anyway, here is the full whitepaper :

Google Chrome Updates to v0.2.149.29

Quietly, Chrome has issued an update (which should happen quietly too) to v0.2.149.29 from v0.2.149.27. The older version is vulnerable to at least 1 auto downloading bug and at least 4 DoS / crashes error. I can't be bother to post these exploit here anymore because almost everyone will be updated and I will get tons of "How come it does not work?" post...

The good thing is Google is putting this in spotlight and fixing as we move along. Of course, thanks to the millions of Beta testers like you and me who is trying so hard to 0 days this. I guess I will work on something else now...

IE8? Maybe...

发誓 TVB剧集《搜神传》片尾曲 ~ 钟嘉欣

Legend Of The Demigods 搜神传 主题曲

Wednesday, September 03, 2008

Google Chrome - Zero Day Buffer Overflow

Yes, Google's browser is out. And Yes, a zero day can be found within 24 hours. Now you have to see it to believe it.

BTW, Google Chrome can be downloaded via :

After installing, just type this into the URL :

or if you are lazy, browse to Crash Chrome

Yes, immediately, Google super friendly error message will greet you :

Well, if you had installed the right stuff, you can kinda find out what happen :

Of course, this is a buffer overflow.

Well, if this doesn't worry you about the way Google release this software, take a look at this :

This won't look too good if you had been surfing content rich multimedia sites (which Chrome is optimized for) such as Playboy or something...

Sunday, August 24, 2008

Get your free 120 days Windows Home Server Trial now

Its available even for international order now! Grab it at :

Saturday, August 23, 2008

Enabling Hibernation in Windows Vista

For desktop, in some cases, Hibernation has been disabled. There are many reasons why this is so including BIOS settings etc... However, there is a way to set it on if you are sure you want it and it works.

First, you have to ensure its not already on. Look for the file Hiberfil.sys. If you use the Disk Cleanup function, sometimes this file is delete and Hibernation, as a result, is turned off.

If the file is missing, do this :

1. Click Start, and then type cmd in the Start Search box.
2. In the search results list, right-click Command Prompt, and then click Run as Administrator.
3. When you are prompted by User Account Control, click Continue.
4. At the command prompt, type powercfg.exe /hibernate off, and then press ENTER. Actually I found that powercfg /h on will work too.
5. Type dir c:\hiberfil.sys. You should see the file now.
5. Type exit, and then press ENTER.

Then, obviously, if you want to turn it off, replace the on with the off.

Now, the next step is that if you have not reboot, the hibernation function is not yet enabled on you shutdown menu in Vista. And if you are stuck with a damn long process which can be paused, but cannot be resumed if you restart.. then its time to force a hibernation immediately.

To do that :
1. Click Start, and then type cmd in the Start Search box.
2. In the search results list, right-click Command Prompt, and then click Run as Administrator. Note that it may or may not need administrator rights to hibernate the computer.
3. When you are prompted by User Account Control, click Continue.
4. At the command prompt, type shutdown.exe /h, and then press .

Oh, you have pressed. There it goes. If for any chance you want to abort the shutdown, just execute shutdown.exe /a. This is a damn good way to do debugging for the RPC worm if you remember.

Thursday, August 21, 2008

Gundam 00 Season 2

More information has been release on the official web site :

I am quite anticipating the season and really looking forward to see how the story will unfold. But (SPOILER) one thing is for sure, all the C.B. pilots survived. Its just 1 plus month away.

Tuesday, August 19, 2008

Creative use of CVE-2008-2281 and Evilgrade Demo

Here is the demo I mentioned a while back but have not gotten the time to upload it. I had split the demo into 2 sections. Like how a magician does it. The first one here you will see what will happen, but not how it is done. In another post later, I will show you how it is done and why this is happening.

Sunday, August 17, 2008

任潔玲 ~ 我們有沒有愛過

I remember losing sleep in camp during the night waiting for this MTV to come on and its usually the last one cos its No 1 on the charts. Well, its still a classic.

大海 ~ 张雨生

This is the original by 张雨生. I am sure we miss his voice. This is one song I will not attempt so that I can keep a good memory of it. And, btw, I can't unless its down a few octave... :P

大海 ~ 楊培安




This song was one of my favorite originally by the late 张雨生. I am happy to see that 楊培安 has sang it very well indeed. This song does bring back memory of a story at a certain seaside on a rainy night...

三国志全日本超级动画主题 《风姿花传》~ 谷村新司

胸を開けば燃ゆる 血潮の赫は

人は夢見る ゆえにはかなく
人は夢見る ゆえに生きるもの
嗚呼 嗚呼 誰も知らない  
嗚呼 嗚呼 明日散る花さえも


人は信じて そして破れて
人は信じて そして生きるもの
嗚呼 嗚呼 誰も知らない
嗚呼 嗚呼 明日散る花さえも

国は破れて 城も破れて
草き枯れても 風は鳴き渡る
嗚呼 嗚呼 誰も知らない
嗚呼 嗚呼 風のその姿を
嗚呼 嗚呼 花が傳える
嗚呼 嗚呼 風のその姿を


呜呼 呜呼 谁人知晓?呜呼 呜呼 明朝花落多少?


呜呼 呜呼 谁人知晓?呜呼 呜呼 明朝花落多少?

呜呼 呜呼 谁人知晓?呜呼 呜呼 风姿如此窈窕。
呜呼 呜呼且问飞花。呜呼 呜呼 风姿如此窈窕…

Tuesday, August 05, 2008

Disgaea - Afternoon of Darkness End Save

This great remake of the PS2 Disgaea for the PSP is really worth taking a look especially if you are a big fan of SLG like Jeanne D' Arc etc. Anyway, go check it out, but you will realized to get all the endings involves multi replay, killing over 200 levels of extras etc... I decide that someone out there will want this.

This package includes all 9 endings (Etna Story ending as well). Just unpack them and read the DOAD.txt in the main directory and put the rest into your PSP where saves are.

Hope this help you see all the ending without having to go through what I had done for you. Please leave me a comment here when you download ok?

Disgaea End save :

Friday, August 01, 2008

Creative use of CVE-2008-2281 and Evilgrade

I was working my ass off to try and get CVE-2008-1447 up for demo. However, I am still quite unable to execute it within a reasonable time. I sure hope they have better luck than me at Blackhat 2008. But to talk about the ends of the means, I find out there was a much much easier way to execute DNS hijack without using CVE-2008-1447. Yes, the treasure is CVE-2008-2281. And yes, its still NOT fixed even today! Works for all your favorite IE6, IE7 and IE8. I would want to shoot down Firefox eventually, but for now. This will have to be it...

Well, what I am going to demo here is not state-of-the-arts and neither it is 0-day. Well, at least the vulnerability is not 0-day, but the way to make use of this sure is... :) CVE-2008-2281 is just a less critical or low vulnerability. But combine with the newly release Evilgrade (well, I could had done it with my own web server too, but why waste time on things that others had already done up for you?).

A bit of background on the 2 things I will use here. CVE-2008-2281 is referred to as the Print Table of Links vulnerability. I will put up some links about this at the end of this. But in short, this affect you when you print using IE6,7,8 (beta for now) and under options, select "Print Table of Links". By far, only librarian uses them as far as I know.

The second thing I use is call Evilgrade. In short Evil upgrade. It can emulate upgrade servers of popular software from Java, Winzip to many others. Windows Updates is not possible due to the signing of the package. (For Now). So I guess you already know what I am going to do...

Well, keep guessing. But I will release my video soon as soon as I get the recording working.

Monday, July 28, 2008

Secure Computing Sidewinder vulnerable to DNS Query Port Weakness

Yes, the so invulnerable Sidewinder is finally flagged with a workable and exploitable vulnerability. So, for those of you who keep saying its a Sidewinder, I do not need to patch it, this is haha on your face...

No, seriously. You should patch this and this is a serious problem. This is related to the famous DNS poison exploit that is running wild with is tagged with CVE-2008-1447. It affects both Sidewinder and Sidewinder G2.

So, go patch it before someone "patches" your DNS for you.
P.S. Working codes is out for BIND 9.x and Metasploit framework. Go play with it now.

Wednesday, July 23, 2008

Windows Home Server Power Pack 1 RTM

Its finally here... The greatest improvement (other than fixing the corruption bug) is the Remote Access which now you can see your pictures in thumbnail view. For IE6 and IE7 (officially), you will be able to drag and drop to upload and download now. Its also a (few) click to download multiple files via ZIP now!

The other improvements includes backup enhancements including the ability to backup to USB connect drive, backup your WHS share folders. Of course, the power consumption has been fixed to give it a more green environment friendly feel.

Download WHS PP1 from :

Put that onto your WHS onto the software directory. Remote desktop into it and launch the installer. After that you will need to go onto each of your client machine and follow the instruction to upgrade the client connector software. Its goes something like http://(WHSServer):55000 to download the upgrade for each machine.

My advice is to immediately launch the connector software and perform a backup. Why? If you do so, you will released your security suite will detect the connector software has changed and it will prompt you for allow/deny the backup engine. Imagine if you have not done so and leave it overnight hoping it would somehow worked, well it won't. You will have to allow it and save the config this once. Well, if you have no such issue, I suggest STRONGLY that you get a client side security software. I am using Microsoft OneCare which has report it doesn't play nice with WHS. It worked for me anyway now that I am on OneCare 2.5 anyway.

Friday, July 18, 2008

Keeping the rows together in MS Word

This is be an accomplishment for me. I managed to figured out how to join the splited rows in a Word documents together again. Well, if you do not understand the problem, you will simply suggest to just disabled the "split row across pages" or check the page alignment etc... Ok, for those who knows what I am talking about, its about having a table... YES, I had checked, its the SAME table, ... having some rows on page x, then one BIG BLANK space and then my next row goes to page x+1. And the next row is not like major big or long. Why don't they just stick together? AHHHHUUURRRGGHHHHH!

Ok, if you understand the problem, then I am happy to tell you, after wasting 5 minutes on it and many click and check on google and whatever, I finally found the solution!

There are a few problems :

1. Check your page setup, make sure its align to the top, not center, bottom or whatever. This is the most stupid part of it.

2. Ok, as suggest, uncheck allow rows to split across pages.

3. Select the table. Format->Paragraph. Line and Page Breaks tab. Uncheck "keep with next" and "keep lines together".

Now, it does get solved? I hope so. Mine did. Make sure for (3) you select the table.

Sunday, July 13, 2008

Tin of Paint ~ A Cyanide and Happiness Short

Cyanide and Happiness, a daily webcomic
Cyanide & Happiness @

Well you heard of Cyanide & Happiness. If you haven't, then you hear this from me. You like South Park and can take that extend of joke, you won't be disappointed. Visit and see daily comics and more shorts from

Microsoft OneCare 2.5 Released

Yes, finally. All you need to do it to wait for it to update your OneCare and you will have the new V2.5. Whats the changes (visually)? None. All the changes involves the underlaying layers. So its better performance and security below. In any case, you should not miss this update.

To do a manual update, which is not advisible, you will need to uninstall OneCare first. Then go download it again and reinstall. Some of your settings and firewalls rules will be lost as a result. Well, if this is the way you choose, you can start from here :

True Crypt 6.0 Portable

True Crypt is something free. It protects you from embassasing moments if you data is exposed to others. It keeps you personal data safe and away from eyes of audits. Yes, basically, its encryption. But a FREE, true AES grade and higher type of encryption. No spyware or 30 days trial.

True Crypt supports disk based encryption too. However, that would means that the host system needs to have True Crypt before it can open your encrypted disk. I would prefer another way to install that. Instead, you should download True Crypt and expands all the files into a folder or the root directory. Then create a file based encryption with the remaining space. In this way, you will be able to mount your encrypted file with the True Crypt binaries in the main directory on any machines. So, make sure you get all the version of True Crypt. For mac and linux as well if you want to mount the file there. You can also upgrade true Crypt easily this way. This give you truly independent OS portability especially on your PenDrive and Portable HDD. Unfortunately, its easier said than done. I probably wont go make a mac + linux binaries anyway, since they vaires so much.

Now, lets talk about the failing of this. True Crypt can fail in some ways. For example, you forget to eject the thumbdrive and pull it out. Or if you crashed Windows with a blue screen halfway writing to the Thumbdrive. Or the Thumbdrive simply goes dead. One solution for all 3. Backup. You can backup the raw or the encrypted file itself. Of course, there are ways to avoid issues especially from the first case. When you mount the file in True Crypt, choose the mount options and check mount volume as removable media. The 2nd and 3rd case is a bit hard to avoid, but do you know that there is rescue disk for True Crypt. This only applies if you encrypt the system partition though. Mount you file for the first time, select system->create rescue disk and follow the instruction. That proves to be a life saver sometimes in the 2nd and 3rd case. But in the case of a removable drive for True Crypt, this does not apply at all.

Well. The autorun.inf you will need to make the automount and dismount for hte thumdrive is as follows :


action=Mount TrueCrypt Volume
open=truecrypt /v /l /q /a /m rm /e

shell\mounttc\command=truecrypt /v /l /q /a /m rm /e

shell\dismounttc\command=truecrypt /d /q

shell\runtc=Run &TrueCrypt

Just copy and paste the above into notepad and you need to edit to z or whatever drive you like. Also replace to the (path and) filename of the encrypted volume. Make sure you extract the setup exe and keep truecrypt files in the root directory.

That was the old days way fo doing it. Now, just install and run Tools->Travellers Disk Setup and you will be guided with a wizard to creating the above. That takes all the fun away does it not...

Thursday, July 10, 2008

The Pentester's Art of War Chapter 0

This is something I always wanted to write, but never really find the time to do so and organized them. Well, since nobody is really going to published this as a book, why not just blog it onto the net pieces by pieces. I can make up the chapters along the way too. That certainly save me time from organizing it. Ok, I am lazy. This I admit.

First, lets take a look at the title of this article. Pentester. Well, I am sure it's a familiar term to many. A Pentester is basically a short of a Penetration Tester. Usually he is a security professional who conduct testing of the security of a subject (be it a application, network or even a physical location) by means of attacking it. Some people may want to use the word "hacking". I absolutely agree. However, there are many among the security professional who prefers not to be associated with the word hacking as it usually has a bad annotation.

I am sure some of you had already notice I used the word "he". Its not that I am male chauvinistic about this. I do admit there are a few pretty good security professional who are female. I knew a few from mother Russia. However, to make things simple, I would use the word "he" throughout. Just remember it can mean either sexes.

Next, the term "Art of War". The first reaction will be relating this to Sun Tzu's "Art of War". Well, I admit, I may be using something similar to run through these topics, but by no means do I want to translate it into a guide for Pentesters or explaining the whole book of Art of War. I remember there was somebody who would disagree with my term "Art". Pentesting is a science he would argued. I disagree. If Pentesting is a science, then simply it means that given the same application, for example, two different individual would have done the pentesting similarly (and maybe even word for word) and produced a similar report. If this is pentesting, no wonder my friend laugh at the joke about getting monkeys to do our pentesting in the future. I argued from the point that its an art because no two pentester will do it the same way. One might decided to deploy an sniffing attack on the application while another simply may want to unassemble some of the binaries. There are many ways and often the results varies. And I believe this is what makes one pentester better than another. I know this will hurt people who runs automatic tools such as nessus or appscan and then pull the beautiful report off their color laser printer and pass it to their boss. Sorry, strictly, I do not classify these people as pentester.

The term "War" probably raise some eyebrow. A serious Pentester treats his every project like a battle. In my opinion anyway. Each penetration test will have to be treated seriously like a war. All the strategy, the tactics to deploy as well as the resources gathering. All these plays a part in whether the project is successful or not. Of course, by means of sucessful, it means the Pentester found serious vulnerability and gotten in. Of course, the condition of winning will depends on each different engagement.

So, the following articles will concentrate on the strategy, tactics and the art of winning the war of pentesting.

Tuesday, July 08, 2008

Astalavista Security Toolbox DVD 2008 V5.0

From the site :
Astalavista's Security Toolbox DVD 2008 (v5.0) is considered to be the largest and most comprehensive Information Security archive. As always we are committed to provide you with a resource for all of your security and hacking interests, in an interactive way! The Information found on the Security Toolbox DVD has been carefully selected, so that you will only browse through quality information and tools. No matter if you are a computer enthusiast, a computer geek, a newbie looking for information on "how to hack", or an IT Security professional looking for quality and up to date information for offline use or just for convenience, we are sure that you will be satisfied, even delighted by the DVD!

Let me just say that I am not advertising for this product and in my opinion, most people should not need this product at all, especially some of the security professional who would not like to be associated with words like hackers, blackhat etc. The tools inside this DVD is pretty blackhat if you ask me. There are tons of exploit codes and source for you to see and play around with (your VM that is). If you are hardcore enough, this is a great buy especially at this rock bottom price.

Read more from :

萧十一郎 ~ 罗文 TVB 1978

自觉目光似剑 此心昭日月
情共爱 在脑海 尽化烟

梦里芳踪渺渺 怕触爱火烈焰
蜜意若灰寸寸 爱海有千叠浪

独对落英片片 顾影空寂寞
怀旧侣 忆往事 恨肠断

Saturday, July 05, 2008

PSP 4.01M33 Save State

This is one of the 2 major improvement for the version 4 firmware. Now this is available as a plugin. I had packed the file for you to copy all over to your root directory of your PSP memory stick main directory. However, there is a readme.txt you will probably not want to copy over. I simply had to include this because this is a major README that you MUSt read in order to operate the save state. If you have a text reader, feel free to copy it over to your PSP as well.

Here is the download :

Remember you need at least 4.01M33 to operate this plugin.

PSP 4.01M33-2 Released

I know its been a while, I am late again on this as usual. I had made sure I tested this before sharing it. Firstly, I do no suggest jumping to 4.01M33-2 immediate from your 3.80+. Because this is a major jump in firmware, I suggest going to 4.01M33, then 4.01M33-2.

I had made everything simple this time. Just download the 4.01M33 package. Unpack the files into the root of your memory stick. Yes, I had created all the directories to make life simple. Run the updater. Follow all instruction. Again, let me stress that you MUST PRESS O when told to do so to reboot at the end. Do not power off or do something otherwise.

Download 4.01M33 :

After that, download the 4.01M33-2 below. Just copy all to the main directory of your PSP memory stick again. Run the update. It will auto reboot and tada, you have 4.01M33-2.

Download 4.01M33-2 :

CWCheat 0.22 Rev C

It has been a while since this was released. I had not included it because there is not much changed. But here is it anyway... As usual, I had included only the PSP Slim edition here, with the latest updated cheat.db as of today 4th July 2008. I had some comments about leaving out the cheatpops.db in my last release, but since it has been some time since, I do not mind including that db in this release as well. So as a summary, this is the FULL release for PSP Slim. Not an upgrade.

Also, if you had others plugins installed, please do not copy all the files in step 1. Edit your pops.txt, game150.txt and game.txt to include the lines in these file. Its kinda like merging them into your current files.

Here is what you need to do (good for newbies) ...
1. Copy the folders into your memory stick main folder. All the directory has been prepared for you. See above if you have other plugins installed, do not overwrite your pops.txt, game150.txt and game.txt.
2. Power up your psp while pressing R
3. Select plugins
4. Press X over cwcheatpops.prx [POPS] it will say ENABLED
5. Press X over cwcheat.prx [GAME] it will say ENABLED
6. Press X over cwcheat.prx [GAME150] it will say ENABLED
7. Exit recovery
8. When in game press select for x3 seconds to access the menu(default options which can be changed)

Here is the download :

Thursday, July 03, 2008

Back|Track 3 Release

Ya, this is old news. Its been about 1 whole week since its release. If you had not seen the power of Backtrack, see it online somewhere or one of my previous post. The Wifi Zoo kick ass. WEP cracking is not reduced to a 1-click script kiddies stunt.

In any case, here is the direct link :

Description: CD Image
Name:: bt3-final.iso
Size: 695 MB
MD5: f79cbfbcd25147df32f5f6dfa287c2d9
SHA1: 471f0e41931366517ea8bffe910fb09a815e42c7
Download: Click here

Description: USB Version (Extended)
Name:: bt3final_usb.iso
Size: 784 MB
MD5: 5d27c768e9c2fef61bbc208c78dadf22
SHA1: 3aceedea0e8e70fff2e7f7a7f3039704014e980f
Download: Click here

Description: VMware Image
Name: BACKTRACK3_VMWare.rar
Size: 689 MB
MD5: 94212d3c24cf439644f158d90094ed6a
SHA1: 21c9a3f9658133efff259adbe290723583b4fd82
Download: Click here

Yes, I know. It still doesn't play nice with Virtual PC. And BT3 , in my opinion, is really slow compare to BT2... You probably need to install Nessus 3 on this too...

Thawte Free Email Certificate vs Vista IE7

For a long long time, Thawte hsa not came out with a solution to allow easy installation of their free email cerifitcations on Vista / IE7. Vista has already launched SP1 and Thawte is still there...

Well for those who did not know what a email certificate is... Imagine SSL.. Ok, even more plain, the padlock you will see on the browser when you do you internet banking... Well, thats encryption. SSL is basically encryption. But you need a SSL certificate to do the encryption. Email certificate is somethign very similar. But on top of being able to do encryption, email certificate also allow you to identify yourself. This mean when you friend / client receive a email signed by your email certificate, they can be sure its you. If the email ash been tampered, changed, edited, forwards etc.. the signing will fail and you will see a X on your email client. What? You are still using Lotus Notes? Man, get a real email client, FCS!

Anyway, back to this issue of using Thawte Email Certificates. Its FREE. Thats one plus point. And so far I tried many, like komodo etc.. And evne one which I will not name, who issue email cert, but their own SSL cert is kinda expired or blacklist... This is the type of CA you should avoid. In any case, Thawte has the advantage.

Sometime back in Dec 2007, thawte posted a "solution" to the Vista IE7 problem.
Well if you do not know whats the problem, it can only means you are not using Vista or are using IE7 or below on XP. anyway, the problem is there is no support for creating the private key to make the certificate.

Anyway, if you follow the instruction above, you will hit the Error: "424 Object required" error.
Thawte suggest your try :
OK, stop right here. This is the step I strong advice you DO NOT do. Whats is the point of using a certificate when you have to cripple your security on your browser to get the certificate in the first place?

This is my approach :
Grab a machine with Win XP. Yes, a VM is good. Always keep Win XP VM around.
Go through the process and request the cert, then complete it by installing the cert.
Now, you will have to export the cert.
Ok, this is the tricky part. Listen carefully, or you will find that you cant import your cert properly later...
Choose that... then the rest you can play around with... use a good password. But I strongly suggest after importing sucessfully onto your Vista that you delete the exported keys away.

Put all your *.PFX together and bring it to your Vista machine. Open IE options and then import them. Just let IE decide where to put the certs. It should end up in the Personnel folder. Otherwise, you done it wrongly. See the CAPITAL above. Once all yoru cert if done, go ahead and sign some email with your Outlook and smile.

I try to be brief here cos I figure most of us knows what we are doing. If you have problem wit hthis instruction, please post a comment and I will try to help you out. For Firefox, the procedure is different, so lets just worry about IE / Vista here.

I wonder why I searched and cannot find this solution on Google...

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008, All rights reserved.