hacking

  • Hilarious....

    "George Ou writes in his blog that he found a remote exploit for the new and shiny Vista Speech Control. Specifically, websites playing soundfiles can trigger arbitrary commands. Ou reports that Microsoft confirmed the bug and suggested as workarounds that either 'A user can turn off their computer speakers and/or microphone'; or, 'If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition, and restart their computer.' Well, who didn't see that coming? (Slashdot)"


    Read  "Vista Speech Command exposes remote exploit"
    Read  "Microsoft confirms"
  • A real Neo Geo pad with a USB port

    Bought on eBay for 5 euro. This is the cheapest version of the MS SideWinder you can find: 4 buttons on top and 2 in front.
    Open it and look at the circuit board. You must determine whether the circuit board uses a common pin (ground) that is shared by all buttons. If this is the case, you will have no difficulties. Otherwise you must solder 2 wires for each button. It was the case here.
      Lightly sand all pins and connections under each button; if you have no common reference (ground), you need to carefully sand the 2 connections of each button.
      Use a pen to mark each connection; this will avoid any mistakes during soldering.
    The Neo Geo pad uses a common circuit. Now we need to connect each button with 2 wires, so the easiest way is to cut the circuit trace (it can easily be repaired afterward if needed).
    You need to do the same with the cross; the aim is to have 2 wires going from each switch to the SideWinder board.
    You can fix the board below the cross; there is a lot of space.
    Now just plug your new Neo Geo pad into your PC and enjoy the feeling of having a real pad for emulators.
       

    A Direct Pad Pro interface for a Neo Geo Pad

    I found this plan while browsing the internet; it has 2 shift registers and simulates a SNES pad. I did a lot of soldering and it took me a lot of time. Another way is to use an old used SNES pad board. Attention: Direct Pad Pro has never been ported to Win2000 and WinXP and does not work there (only Win98)! I am now selling it for 30 euro if you are interested...

  • In this post, I will show you how to bring an old webcam of 2000 back to life for the latest iterations of Windows Vista/Seven by injecting the firmware of another webcam into it.

    Philips Webcam ToUcam Pro - PCVC740K (year 2000)

    Philips Webcam SPC900NC VGA CCD with Pixel Plus (year 2008)

    If you read the Philips Support FAQ, you will end up with this laconic text: “There are no Vista drivers available for this product due to the product’s age.”

    Although there is an alternate way that only works with Windows Vista, the solution I propose is to just make the driver think that it has another webcam plugged in! This works because most webcams out there have seen no big hardware changes for many, many years (except packaging, price and blinking LED).

    DISCLAIMER !!! I'm not responsible for damages you could cause to your webcam because of errors in realizing the described firmware upgrade...

     

     

    Success story

    The following webcams were converted successfully:

    • 1 webcam PCVC840K converted into SPC900NC
    • 2 webcam PCVC740K converted into SPC900NC

    The following failed but I was able to recover from the saved firmware:

    • Philips PCVC680 USB VGA Camera; Video

    Contact me if you successfully convert your webcam.

    How to

    You need an operating system that is still able to recognize your webcam. Most of the discontinued Philips webcams that refuse to work under Vista/Seven were working under Windows XP, so try to get access to an old PC running that OS. Lucky owners of Windows 7 Professional/Ultimate are able to use “Windows XP mode”.

    Download the software WCRMAC here http://www.burri-web.org/bm98/soft/wcrmac/wcrmac-2.0.85.zip and install it.

    WcRmac allows some internal memory modifications of webcams based on the Philips SAA8115 / 8116 camera chips. These are usually cameras with a 640x480 CCD sensor (various brands).

    Connect the webcam under Windows XP and install the required drivers if needed. At that point you must be able to see the webcam and get an image in Windows Explorer. Leave the webcam running in the background.

    Download the latest firmware of the latest Philips webcam flagship SPC900NC here http://www.home.zonnet.nl/m.m.j.meijer/D_I_Y/spc900nc.bin and copy this file into the directory

    • C:\Program Files\TWIRG\WcRmac\binary\8116 

    Start WCRMAC and connect the webcam by selecting it under the menu “webcam”

    Now go to the tab “binaries” and click “Get current and save as” to make a copy of the existing firmware to disk. Now select the latest firmware in the list, spc900nc.bin, and click on the button “load”.

    Now the webcam should be recognized under Windows Vista/Seven (even 64 bits)! It will have all the software goodies of the very latest webcam: face detection, anti-flickering, up to 90 frames per second!

     

     



  • An example? edisoncarter from GTA Forums has wired the PS2 controller up to the PC's parallel port and has tried numerous combinations at high speed (this technique is known as BRUTE-FORCE: trying all possible combinations until one gives a result) just to find cheat codes for the PS2 game GTA. When I told you that a lot more people are now smarter...

    Crazy? no! A problem has always a solution :-)


  • Reverse engineering of the IPOD firmware by using a modem noise attack!

     I got an iPod for Christmas. The ipodlinux project was one of the main reasons for my choice and so I started exploring the iPod as far as I was able to. I patched the bootloader and got some basic code to run but there was no way to access any hardware other than the two CPUs yet. To get the LCD, Clickwheel and the harddisk working we needed to reverse engineer the bootloader in the flashrom. But to do that we first had to find a way to get that code. Seems quite impossible without any knowledge about the IO-Hardware but I found a solution...

    They have in fact used the internal tweeter of the iPod to dump the result of code execution of the firmware into sound. These people have written a digital sound compression algorithm, an encoder and a decoder!!! Now 64kb of internal code can be examined!! Why? Just for booting Linux!!! Penguin power!!! Read more here...



  • PortableRaspberryPiTorproxy

    Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is a fun weekend project that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi. First, plug the Ethernet cable into any Internet provider in your home, work, hotel or conference/event. Next, power up the Pi with the micro USB cable to your laptop or to the wall adapter. The Pi will boot up and create a new secure wireless access point called Onion Pi.

    According to the Tor website:

    Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
    Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
    A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

    Thanks to Adafruit for this nice little hack, read more Here

  • sony_playstation_ps3

    If you really like the controller of the PS3, you can also use it under Windows for free (as long as you own a PS3 :-) )

    Here are the instructions to make it work:

    1. Download and install the filter driver (libusb-win32)
    2. Unpack ps3sixaxis_en.exe
    3. Plug the SIXAXIS into your PC.
    4. Run ps3sixaxis_en.exe once.
    5. Push the PS button on the SIXAXIS once if it doesn't see it straight away.

    Download: Sixaxis_PS3_Win32_Driver_For_PC.rar
    Size: 380KB

  • sony_playstation_eye

    With the exception of LittleBigPlanet and The Eye of Judgment, the PS3 Eye is not really useful at the moment, so why not try to (re)use it for Skype or MSN?

    From Alexander Popovich Blogs

    I managed to put together a first version of the Direct Show capture filter for PS3Eye camera. 
    This will allow us to use this great camera in various Windows applications (assuming they are compatible with Direct Show system) including TouchLib for use in multitouch applications.

    Read More HERE

  • It seems that the Sony PSP is the most hackable device ever made to date. In less than 2 weeks, a lot of hacks provided by individual users are already floating around on the internet.

    For the more courageous: disassembling the PSP
    Forums are popping up: PSPforum, forums.ps2dev.org
    Portals: PSP 1up - PSPhacks.net - PSP ign.com
    to continue

  • Just got my order of three Raspberry Pi 2! Compared to the Raspberry Pi 1 it has:

    • A 900MHz quad-core ARM Cortex-A7 CPU
    • 1GB RAM

    Like the (Pi 1) Model B+, it also has:

    • 4 USB ports
    • 40 GPIO pins
    • Full HDMI port
    • Ethernet port
    • Combined 3.5mm audio jack and composite video
    • Camera interface (CSI)
    • Display interface (DSI)
    • Micro SD card slot
    • VideoCore IV 3D graphics core

    Because it has an ARMv7 processor, it can run the full range of ARM GNU/Linux distributions, including Snappy Ubuntu Core, as well as Microsoft Windows 10! The Raspberry Pi 2 has an identical form factor to the previous (Pi 1) Model B+ and has complete compatibility with Raspberry Pi 1.

  • 20130219_211947

    Some notes about my experience using the Raspberry Pi model B…and you get it running Linux Debian on it!

    The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming.

    […]

    We don’t think that the Raspberry Pi is a fix to all of the world’s computing issues; we do believe that we can be a catalyst. We want to see cheap, accessible, programmable computers everywhere; we actively encourage other companies to clone what we’re doing. We want to break the paradigm where without spending hundreds of pounds on a PC, families can’t use the internet. We want owning a truly personal computer to be normal for children. We think that 2012 is going to be a very exciting year. [About Raspberry PI]

  • How to create a rogue CA certificate...

    We (note: Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger) have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.


    [..]

    "A single attempt for constructing a chosen-prefix collision costs about a little more than a day. The first stage consisting of the birthday search is computationally the most expensive. Luckily it is also very suited for the special SPU cores of the Cell Processor that the Sony PlayStation 3 uses. We had about 200 PS3s at our disposal, located at the"PlayStation Lab" of Arjen Lenstra at EPFL, Lausanne, Switzerland (see the picture). The birthdaying takes about 18 hours on the 200 PS3s using 30GB of memory that was equally divided over the PS3s. The second stage computes the 3 collision blocks that eliminate the IHV differences left after the first stage and costs in total about 3 to 10 hours on a high-end quadcore pc."

    from http://www.win.tue.nl/hashclash/rogue-ca/

    Note: only certificates signed with MD5 are forgeable, and it requires a lot of knowledge and money at the moment... unfortunately these are things that spammers, thieves and zombie networks have at their disposal. Luckily, as soon as Verisign switches to a more secure hashing function, the problem will be solved (Verisign will phase out MD5 by January).

    Note 2: even a geek needs 1 week to understand the explanations ;-)

    Read more at http://www.win.tue.nl/hashclash/rogue-ca/

  • So I have just finished and tested the integration of a hashcash challenge (MD5) into the com_akocomment component... using the code of this page http://dev.wp-plugins.org/browser/wp-hashcash/trunk/ (only an extract, but all credit to the original authors):
    • C.S. - www.cimmanon.org
    • Gene Shepherd - www.imporium.org
    • John F -www.stonegauge.com
    • Magenson - http://blog.magenson.de/
    • Matt Mullenweg - photomatt.net
    • Matt Warden - www.mattwarden.com
    • Paul Andrew Johnston - pajhome.org.uk
      and to Arthur Konze, the author of com_akocomment.

    I must also pack everything into a new version of the component, or better said, refactor the code a little bit, because it is still full of debug statements...

    Principle:
    A robot that wants to submit spam comments must pay the price (in CPU time, approx. 100 hashcash max. each minute on a high-end computer) and compute manually (this cannot be automated by submitting directly to the form) a Hashcash (www.Hashcash.org)


    Extract from the documentation of wp-hashcash:
    "Wordpress Hashcash
    Introduction:
    Taking Matt’s stopgap spam solution, which sends precomputed hashes to be echoed back by the user-agent’s form, I’ve added dynamic generation of the md5 hash. Rather than write it to a hidden field, we wait until the form is submitted to compute the hash. This prevents spammers from automatically scraping the form, because anyone wanting to submit a comment *must* execute the javascript md5.
    This plugin used to be called “Spam Stopgap Extreme.” Now it’s been moved to the WP plugins repository under the new name “Wordpress Hashcash.” All future development will take place through the plugins repository.
    New Features:
    • Log and emailing of spam, for your records
    • Client-side hash required.
    • The “Key” is hashed once before output to the html form–so spammers can’t make sense of it, and then hashed on the client side, again.
    • The “Key” is now a time-dependent, visitor dependent hash, for more variability. You can’t just compute the right md5 once, because it’s always changing.
    • Failure to compute the md5 hash results in a 1 minute timeout penalty."

    Expect a release before the weekend... But I must also inform Arthur Konze first for feedback.
    Then I will add the same code to the login page (by generalizing the code), in order to avoid brute forcing of the password on the admin login page... and to the guestbook (because I was spammed many times last week)
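
The key handling listed in the wp-hashcash extract, modelled on the server side in Python as an added example. It is not code from wp-hashcash or com_akocomment; the secret, the 10-minute slot, the HMAC construction and all function names are assumptions.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: secret that never leaves the server
SLOT_SECONDS = 600     # assumption: the key changes every 10 minutes
PENALTY_SECONDS = 60   # from the feature list: 1 minute timeout after a failure


def md5_hex(text):
    """MD5 is used only because the scheme on the page is built on md5."""
    return hashlib.md5(text.encode()).hexdigest()


def visitor_key(remote_ip, user_agent, slot):
    """Time-dependent, visitor-dependent key (HMAC is this example's choice)."""
    message = f"{remote_ip}|{user_agent}|{slot}".encode()
    return hmac.new(SERVER_SECRET, message, hashlib.md5).hexdigest()


def form_challenge(remote_ip, user_agent, now):
    """Value written into the HTML form: the key hashed once before output."""
    return md5_hex(visitor_key(remote_ip, user_agent, int(now // SLOT_SECONDS)))


def client_response(challenge):
    """What the page's JavaScript md5 has to compute when the form is submitted."""
    return md5_hex(challenge)


def verify(response, remote_ip, user_agent, now):
    """Recompute the expected value for the current and the previous slot, so a
    form loaded just before the key rolled over is still accepted."""
    slot = int(now // SLOT_SECONDS)
    for candidate in (slot, slot - 1):
        expected = md5_hex(md5_hex(visitor_key(remote_ip, user_agent, candidate)))
        # Constant-time comparison of the two hex digests.
        if hmac.compare_digest(expected.encode(), response.encode()):
            return True
    return False


class CommentGate:
    """Accepts or rejects a comment and applies the timeout penalty per visitor IP."""

    def __init__(self):
        self.blocked_until = {}  # remote_ip -> timestamp until which posts are refused

    def submit(self, response, remote_ip, user_agent, now):
        if now < self.blocked_until.get(remote_ip, 0):
            return "penalty"
        if verify(response, remote_ip, user_agent, now):
            return "accepted"
        self.blocked_until[remote_ip] = now + PENALTY_SECONDS
        return "rejected"


if __name__ == "__main__":
    # Constructed visitor: documentation-range IP, invented user agent and clock.
    ip, agent, t0 = "192.0.2.10", "Mozilla/5.0 (constructed)", 1_000_000
    challenge = form_challenge(ip, agent, t0)
    gate = CommentGate()
    print(gate.submit(challenge, ip, agent, t0 + 10))                   # form value echoed back
    print(gate.submit(client_response(challenge), ip, agent, t0 + 20))  # still in penalty
    print(gate.submit(client_response(challenge), ip, agent, t0 + 70))  # penalty over
```

The server stores nothing per form: it recomputes the expected value from the request itself, which is why a response replayed from another address or after two slots fails.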
  • sony_playstation_ps3

     Sony PS3 Modding - Homebrew, Upgrades, Mods, and Hacks is a blog already listing an impressive list of mods for the Playstation 3, some examples:

     
  • Bob made a lot of (obvious) mistakes, but you will still be able to learn a lot by going through this mindmap. The names have been changed to protect the innocent.

    Hack of Bob

     

  • There are so many knowledgeable people getting in touch with each other thanks to the internet that some of them decide to hack well-known Megadrive or SNES video games (raw data in ASM!)

    Hacking CulT is a website dedicated to the Engineering and Reverse Engineering of Sonic the Hedgehog games. If you thought this site was about hacking other people's computers, look somewhere else. Here, you will find tons of information on how you can hack Sonic the Hedgehog games, whether it be Hex or 68k ASM, in order for you to learn how the Sonic engine works. We also provide you the latest utilities, so that you can take the lazy way out and let them do the job for you. There is also a hacks database to see what other hackers' projects look like. In order to play a hack, you will need a Genesis/Megadrive Emulator, which is available in the utilities section. I personally recommend Gens Plus!.

    Definitely not something for me, too low-level development, but respect.

  • A lot of Mambo/Joomla sites were hacked last week. Since I've already helped someone harden an installation (Mambo 4.5.2.3), I've decided to write a tutorial for the benefit of the open source community...

     Some steps are common sense while others are not.

    But:

    • Do not think that doing all the steps below will protect you! Nothing is secure in the computer world, or not for very long...
    • Do not think that after doing all the steps below, Joomla will be as user friendly for you as before! We are restricting rights and changing some behaviours of the webserver; it will be more difficult to publish content, but on the other side, articles and content will be safer.
    • Security always comes with a pain!

    Consider this page as a work in progress, feedback is as usual welcomed. Click read more for the article

    Choose a (better), non-trivial FTP password for accessing your homepage, using the rules in annexe A

    Requirements: having a valid login and password to your Plesk account

    How: http://yoursite.com:8443/

    Go to the main page. If your hosting company allows you to create many subdomains, click on the right one, here www.waltercedric.com

    On the Plesk main page, click on the domain, here waltercedric.com; on the next page, click on Setup.

    Then enter the new FTP password, and save.

    Choose a DIFFERENT Joomla/Mambo administration password using the rules in annexe A

    Requirements: having a valid login and password to your Joomla administrator account

    How:

    Go to your administrator panel,
    for example http://yourhost/administrator/
    Click on your login name, here admin.

    Enter a new password.

    Choose a DIFFERENT Plesk password for the administration of your site using the rules in annexe A

    Requirements: having a valid login and password to your Plesk administrator panel

    Go to: http://yoursite.com:8443/ which is the default URL for Plesk; attention, it may vary depending on your hosting company.

    On the main page, click on edit and enter the new password.

    Choose a DIFFERENT mySQL password for the Joomla/Mambo tables using the rules in annexe A

    How:
    Use the Plesk administration panel.

    On the Plesk main page, click on the domain, here waltercedric.com; on the next page, click on Databases.
    Then click on your Joomla database (here for me mos), then click on the right user, here mosuser, and change the password. Note that I have a special user for backup purposes with only select rights!

    Open the file /configuration.php and change the key mosConfig_password.

    Adapt user rights of the mySQL Joomla user

    a mySQL user may have following privileges:

    This user, for example joomlaUser, should ONLY have insert (new comment, guestbook), delete and update rights on the Joomla/Mambo database.

    SHOW GRANTS FOR 'mosdev'@'%';
    GRANT ALTER,CREATE,CREATE TEMPORARY TABLES,CREATE VIEW,DROP,EXECUTE,LOCK TABLES,PROCESS,SHOW DATABASES,SHOW VIEW ON *.* TO 'mosdev'@'%' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

    Do not allow drop or create table; normal operation of Joomla does not require it! Of course, as soon as you want to install a new component, you will have to temporarily allow joomlaUser to create new tables (if the component requires it).

    Adapt files right on your server

    A heritage of UNIX, file rights are organized in 3 groups: user, group, all. Each group may individually be able to read (r), write (w) or execute (x) a file. The combination rwx is read in octal (rwx = 7) for each group, so 777 is the worst setting: anybody may be able to delete or change your files on the server...

    This is how my file structure looks:

    Recommended                     Set to       CHMOD equivalent
    files rights                    r--r--r--    444
    directory rights                r-xr-xr-x    555
    Exception for /cache directory  rwxrwxrwx    777

    How: use an FTP tool like CuteFTP; on the selected resources, use the right-click menu and check the bits:

    Example in CuteFTP; note the command is not recursive!

    Side effects

    • You won't be able to use the upload function of HTMLArea: it is impossible to upload images or files using the administrator articles editor.
    • Each time you want to publish a new article with pictures inside, you'll have to copy them with FTP before editing in order to be able to insert them into the text.
    • In order to write a file into the directory C in the path A/B/C, you will have to temporarily set directories A, B and C to rwxr-xr-x rights (CHMOD 755)!
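
Because the FTP client's CHMOD is not recursive, a script can check the whole tree against the rights table above (444 for files, 555 for directories, 777 for /cache). This is an added example, not part of the original tutorial; the function names are hypothetical, and leaving the contents of /cache untouched is an assumption.

```python
import os
import stat
import sys

FILE_MODE = 0o444    # r--r--r--  files, from the tutorial's table
DIR_MODE = 0o555     # r-xr-xr-x  directories
CACHE_MODE = 0o777   # rwxrwxrwx  the one exception: the /cache directory
CACHE_DIR = "cache"  # path of that directory relative to the site root


def wanted_mode(rel_path, is_dir):
    """Mode the table prescribes for an entry, given its path relative to the site root."""
    if is_dir:
        return CACHE_MODE if rel_path == CACHE_DIR else DIR_MODE
    return FILE_MODE


def audit(site_root, apply=False):
    """Walk the whole tree and return a sorted list of
    (relative path, current mode, wanted mode, world_writable)
    for every entry that deviates from the table. With apply=True the
    deviating entries are also changed to the wanted mode."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(site_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            is_dir = stat.S_ISDIR(st.st_mode)
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            current = stat.S_IMODE(st.st_mode)
            wanted = wanted_mode(rel, is_dir)
            if current != wanted:
                findings.append((rel, format(current, "03o"), format(wanted, "03o"),
                                 bool(current & stat.S_IWOTH)))
                if apply:
                    os.chmod(full, wanted)
            if is_dir and rel == CACHE_DIR:
                # Assumption: files inside /cache are written by the CMS itself,
                # so they are not descended into or changed.
                dirnames.remove(name)
    return sorted(findings)


if __name__ == "__main__":
    # Dry run by default: report only, change nothing.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, current, wanted, world in audit(root):
        flag = "  WORLD-WRITABLE" if world else ""
        print(f"{rel}: {current} -> {wanted}{flag}")
```

Run it against a local copy of the site first; with the table applied, the side effects listed above (no uploads from the editor, temporary 755 for writes) apply to every directory it touched.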

    Protect some parts of Joomla using an additional password, like .htaccess

    Requirements: Your provider must support .HTACCESS per directory

    How:

    Read my tutorial HERE

    Side effects

    • Some components or code trying to read files from the admin area (if protected by a .htaccess file) may bring up a popup login window for your users, but it is possible to find these problems and solve them quickly. My plugin securityimages in its first version also had this error (coding).

    Run a part of your site in HTTPS mode

    For added security, you can force users to access your pages using an SSL (Secure Socket Layer) connection. This means transmitted data is encrypted, so passwords and webpages cannot be read in cleartext over the internet.

    Ideally protect only the administration part (all URLs beginning with http://yousite/administrator/), or your whole site.

    Why: if your site runs in http mode, all passwords and fields submitted to the server are sent in cleartext (can be read). An attacker may be able to intercept or fake a user by rerouting the http request. In https mode, data travels encrypted on the network and a session key avoids replay attacks. Moreover, it is not realistic to have a commercial business on the internet without running https.

    Requirements: Your provider/hosting company should allow it

    How

    Run FULL site in https

    • In Plesk, just copy your Joomla/Mambo file structure from /httpdocs to the directory /httpsdocs with an FTP tool
    • Optionally put a file index.html in /httpdocs which redirects users to the protected https area, to show users that your site still exists (it will not bring an error 404: page not found)

    Run PART of site in https

    This is certainly not as easy as running your full site with https,


    Side effects

    • If you install a new site, no problem
    • If you have an existing homepage that is heavily indexed by Google and Co and/or many users have bookmarked you, users will be disturbed to say the least, and Google may think you are using some spammer techniques (moving and creating/dissimulating new content)

    Review OpenSEF/SEF 404 logs

    If a SEO/SEF component is installed, you may be able to look at unusual or incorrect URLs. This typically can reveal some SQL or parameter injection attempts against existing code.

    The SEO component will in fact reject some URLs and redirect the user to your home root index.php instead of displaying an error message or revealing information about the file structure, which is a positive side effect.

    Example:

    .../banner.php?id=120&client="select 1 from dual" means someone is trying to test SQL injection in the component Banner

    Review access logs

    Search the log files for unusual behaviour: is someone accessing /index2.php (admin part of your site) too often (in a small interval)? -> This may be a brute force attack!

    Requirements: have a plesk access

    How:

    On the Plesk main page, click on the domain, here waltercedric.com; on the next page, click on Log Manager.
    • The server access log records all requests processed by the server. Access log for http:// and access ssl log for https://
    • The server error log, whose name and location is set by the error log directive, is the most important log file. This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests. It is the first place to look when a problem occurs with starting the server or with the operation of the server, since it will often contain details of what went wrong and how to fix it.
    • The xferlog file contains logging information from the FTP server daemon, ftpd
      
    Make Backup!

    Joke: "Real men don't do backup but they often cry"

    mySQL :
    4 ways to automate MAMBO database backup..

    Ftp
    use any FTP tool to sync or Plesk backup function

      
    Keep your Joomla/Mambo installation up to date.

    Always use the latest version of Joomla: www.joomla.org Or the latest version of Mambo: www.mamboserver.com

    As soon as a new version of Joomla/Mambo is available, install it the same day!

    • Hackers will look at the patch and search for unpatched servers! It has never been so easy to search for servers running a certain CMS version, thanks to search engines. To give you an example, a hacker may search in Google (but any search engine will work) for all sites running Joomla/Mambo with allinurl: administrator/index2.php so install patches very fast!
    • Make a backup (just in case) and install the new patch; you can also install the patch on your local running instance of Joomla

    For paranoid or How to push security even higher

    All actions below require some knowledge or time...

    Regularly change ALL the passwords above!

    Just in case someone gets your password or part of it. Ideally you must change your password before a brute force can find it, or as soon as the logs reveal a possible attack, just in case the hacker has not yet started doing something bad with your account.

    With decreasing frequency:

    • Joomla Admin password
    • mySQL user password
    • Plesk admin password
    • FTP user password

    Attack surface reduction (ASR)

    Definition:
    M$ has a good article here (the idea does not come from them, but they are trying to evangelize a lot of developers with good articles)

    So bugs/security issues cannot exist in code if the code does not exist on the server.... :-)

    Quite easy to understand but really difficult to achieve, here is a way to do it....

    1. Define your requirements: list all components/modules/mambots that you need to run.
    2. Unpublish all components/modules/mambots
    3. Test your site,
    4. If everything runs correctly, remove one component/module/mambot at a time, and test your site
    5. Take care, when installing the next CMS patch, that you do not copy unneeded files onto your server. It may be surprising, but even if a component is not published, as long as its code is physically present on the server disk, it may cause security vulnerabilities.

    You now have a customized version of Joomla/Mambo with a lot less code running and possibly a lot fewer unknown vulnerabilities! It will be a pain to maintain.

    Logs are always telling the truth! (sometimes)

    You may want to install or write a tool which automatically parses Apache, Tomcat, PHP, mySQL logs to monitor
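
The checks from “Review OpenSEF/SEF 404 logs” and “Review access logs”, and the log-parsing tool suggested just above, as an added example that is not part of the original tutorial: a small Python reviewer for an Apache access log. The log format, the thresholds, the keyword heuristic and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Heuristic: SQL keyword pairs that have no business inside a URL parameter value.
SQL_RE = re.compile(
    r"(?i)\b(?:select\b.+\bfrom|union\b.+\bselect|insert\b.+\binto|drop\b.+\btable)\b"
)
ADMIN_PATH = "/administrator/index2.php"  # admin entry point named in the tutorial

# Constructed sample (documentation-range IPs, invented timestamps), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2006:10:00:01 +0100] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2006:10:02:10 +0100] "POST /administrator/index2.php HTTP/1.1" 200 900
198.51.100.20 - - [12/Mar/2006:10:03:00 +0100] "GET /banner.php?id=120&client=%22select%201%20from%20dual%22 HTTP/1.1" 404 310
203.0.113.7 - - [12/Mar/2006:10:05:00 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
203.0.113.7 - - [12/Mar/2006:10:05:02 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
203.0.113.7 - - [12/Mar/2006:10:05:04 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
203.0.113.7 - - [12/Mar/2006:10:05:06 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
203.0.113.7 - - [12/Mar/2006:10:05:08 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
203.0.113.7 - - [12/Mar/2006:10:05:10 +0100] "POST /administrator/index2.php HTTP/1.1" 200 880
192.0.2.10 - - [12/Mar/2006:10:30:00 +0100] "POST /administrator/index2.php HTTP/1.1" 200 900
this line is not in access-log format
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "target": m["target"], "status": int(m["status"])}


def find_injection_probes(events):
    """URL-decode every query parameter and flag values that look like SQL."""
    hits = []
    for e in events:
        parts = urlsplit(e["target"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQL_RE.search(value):
                hits.append((e["ip"], parts.path, name, value))
    return hits


def find_admin_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Per client, the largest number of admin-page requests seen inside one
    sliding window; only clients reaching the threshold are returned."""
    by_ip = defaultdict(list)
    for e in events:
        if urlsplit(e["target"]).path == ADMIN_PATH:
            by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def review(log_text):
    """Parse a whole log and return counts plus both kinds of findings."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1  # unparsable lines are counted, not silently dropped
        else:
            events.append(event)
    return {"parsed": len(events), "skipped": skipped,
            "probes": find_injection_probes(events),
            "bursts": find_admin_bursts(events)}


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    print(report["parsed"], "lines parsed,", report["skipped"], "skipped")
    for ip, path, name, value in report["probes"]:
        print(f"possible SQL injection test from {ip}: {path} parameter {name}={value!r}")
    for ip, count in report["bursts"].items():
        print(f"possible brute force from {ip}: {count} admin requests within 60 s")
```

The occasional administrator login from 192.0.2.10 stays below the threshold, while the six requests in ten seconds from 203.0.113.7 are reported.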

    Just for FUN....

    Just to give you an overview of some crazy things that can be done....

    • Some time ago I read about a person who had customized a Linux version. In order to be sure that if someone ever got access to the disk, they would not be able to execute any command, he renamed all files and commands on disk... This is also possible for Joomla: write a Java/C#/other parser which renames all files/directories and changes all include, include_once, require, require_once with UUIDs. It is possible but surely a pain to maintain.
    • If you have a full webserver for yourself, you can create a special user which will start PHP and Apache and not be able to write or erase files.
    • The last crazy thing I can imagine (but with time I can be more creative ;-) ) would be to create a release of my homepage, burn it on a DVD (read only) and publish it on the webserver.
    Of course this last example does not allow you to use the CMS normally; you have a bloody read-only site, but nobody will be able to tamper with data...

     

     

    Normally your provider is already doing a lot behind the scenes, and may have done some stuff for you. It can be useful to contact them to ask what they are already monitoring or doing to prevent your site from being hacked.

    Congratulations, you now have a lot more secure Joomla/Mambo homepage!

    Comments are as usual welcomed, use the contact section of this site!

    Annexes

      
    A. Choosing a good password
    • NEVER use any words that can be found in a dictionary! Common brute force programs can try millions of passwords in seconds
    • Do not use your name, birthday, or part of your domain name
    • A good password is at least 10 or more characters long! (brute forcing entropy gets too high after 7 characters)
    • Use all characters of the keyboard (@_!) and use different cases and numbers

    Ex: dR2_z57zzU!sP is not a bad password

    B. How to store all passwords
    Create a text file, and encrypt it with www.truecrypt.com or www.pgp.com (pgpdisk)
    C. Class of attacks
    I've written a small article listing all web vulnerabilities (HTML partial) and (PDF complete)
    D. Some tools
    • Beyond Compare from www.scootersoftware.com To deal with the huge amount of PHP files contained in Joomla/Mambo, and install more easily patches or synchronize folders, I strongly recommend You to try or buy a Beyond Compare Licence. This tool is able to compare directories, preview changes, and even compare a locale directory with a remote FTP server.

     

    E. https rewriting for admin panel
    Create a file .htaccess and copy it into /administrator; if a file already exists (it should!), add the lines which are missing in it

    # Do not allow any user to access this file - to copy in all .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

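    #/administrator/.htaccess
    RewriteEngine on
    # In a per-directory .htaccess the pattern is matched without the leading slash,
    # so the bare directory request is the empty string
    RewriteRule ^$ /administrator/index.php
    # Redirect every request that did not arrive on the HTTPS port
    RewriteCond %{SERVER_PORT} !443$
    RewriteRule ^(.*) https://www.waltercedric.com/administrator/$1 [R=301,L]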

  • I will list here all Hacks for Your TomTom

    I RECOMMEND YOU TO DO A BACKUP FIRST BEFORE TRYING ANY HACK!

    All hacks below require a PC, the USB cable and a file explorer to modify some files on the amovible disk.

    Replace the start/stop boot splash images

    Open the file splash.bmp with Your favorite graphic editor (for example www.gimp.org ) and put it under the root of the filesystem. You can like me, add your own background, your pictures and contact informations, just in case it get lost. Moreover many people wont be able to replace the modded picture and that will decrease th value of the device for thief.

    Recover unused space on your card

    You can empty the directory /scripts; this directory contains pictures displayed during the demo. Gain: 900Kb

    more soon...


  • A great article!

    The story of the Linksys Wireless-G Router (model WRT54G) and how you can turn a $60 router into a $600 router is a little bit CSI and a little bit Freaks & Geeks. It’s also the story of how the open source movement can produce a win-win scenario for both consumers and commercial vendors.
    ...
    In June 2003 some folks on the Linux Kernel Mailing List sniffed around the WRT54G and found that its firmware was based on Linux components. Because Linux is released under the GNU General Public License, or GPL, the terms of the license obliged Linksys to make available the source code to the WRT54G firmware
    ...

    So the Linksys WRT54G can be loaded with replacement firmware with exciting new features. Which raises the question – like what?
    ...
    read more HERE at www.wi-fiplanet.com


     
  • "Windows Live Messenger goes beyond the traditional instant messaging (IM) service, enabling people to connect and share, with free PC-to-PC calls and inexpensive calls from a PC to phones around the world, video calling, easy sharing with Sharing Folders, and more. "

    It uses a highly proprietary protocol that has been reverse engineered in many open source variants. If you want to use all the advanced features, you will be disappointed by open source IM...
    As soon as you install MSN Live, your desktop will pop up a lot of advertisements and unneeded stuff.

    But there is a very simple way to clean up and remove all the unneeded stuff in Messenger... and it is called A-Patch



    "Featuring a massive 71 options! A-Patch boasts a tremendous amount of customization to better your Windows Live/MSN Messenger experience, with even more planned! Remove advertisements and buttons you don't need, cut down on wasted space, sign-in to more than one e-mail address at the same time and even more features just waiting for you to take advantage of! "

    Take back control of MSN Messenger: use A-Patch


  • The PlayStation Eye is a webcam device by Sony Computer Entertainment for the PlayStation 3 video game console. It is the successor to the EyeToy for the PlayStation 2. In case you have one floating around that you do not use for gaming, why not try to use it as a webcam? You can find them cheap everywhere: on eBay, ricardo.ch, leboncoin.fr

    It is no longer difficult to make this webcam work under Windows (Sony has sold this camera since 2007), as good and stable drivers are now available. I tested the webcam under Windows 7 64-bit with Skype. It works great as long as there is enough light in the room. Note that the quality of the multi-directional microphone is quite exceptional (the PS3 uses it for voice location tracking, echo cancellation, and background noise suppression).

     

    Features

     

    Windows XP, Windows Vista, Windows 7

    The CL-Eye Platform Driver recommended for general users provides audio/video functionality with a single CL/PS3-Eye camera supported in a wide range of native and web applications that use Microsoft Windows DirectShow Framework (Skype, YouTube, Adobe Flash, AIM, MSN Messenger).

    MacOS

    A working driver for MacOS can be downloaded from http://webcam-osx.sourceforge.net/

    Linux

    Starting with Linux kernel 2.6.29, just plug your PlayStation Eye in a free USB port and enjoy. Tested under OpenSuse 10.2


  • The free60 wiki, which aims to document ways to get Linux booting on the XBOX360, has been online for 2 weeks and already has some interesting info. (Some guys are really a lot crazier than me ;-) )

    I came once more to XBOX-linux.org, which has a page describing how the first XBOX was hacked. Very technical, but a must-read for all security geeks.

    The Hidden Boot Code of the Xbox From Xbox-Linux or "How to fit three bugs in 512 bytes of security code"

    ...
    Microsoft's engineers first seem to have thought that the secret key would never be revealed: security by obscurity. This explains why the decrypted code did not get hashed. Once the secret key was known, anyone could decrypt, patch and reencrypt the flash contents.
    ...
    And how the chain of trust was broken
    ...
    The design of the first MCPX was very wrong, and the implementation was catastrophic. The design of the second version was a lot better, but the implementation was not. Without the various security holes (Visor and MIST bugs as well as possibly more) and with a working hash function, the system would have been pretty secure. Encrypting the ROM contents with a secret key, i.e. security by obscurity, simply does not work if the key travels over a bus that can be sniffed.
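
The design flaw described in the excerpt, as an added example that is not from the Xbox-Linux article or from any Xbox code: a loader that only decrypts accepts a patched image from anyone who knows the key, while one that also compares the plaintext with a digest kept in ROM refuses it. The toy stream cipher, SHA-256, the key and the image bytes are constructed stand-ins, not the algorithms or data the Xbox used.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def boot_decrypt_only(rom_key: bytes, flash: bytes) -> bytes:
    """Loader that runs whatever the flash decrypts to (no integrity check)."""
    return keystream_xor(rom_key, flash)

def boot_decrypt_and_hash(rom_key: bytes, rom_digest: bytes, flash: bytes):
    """Loader that also compares the plaintext with a digest stored in ROM."""
    image = keystream_xor(rom_key, flash)
    if not hmac.compare_digest(hashlib.sha256(image).digest(), rom_digest):
        return None  # mismatch: refuse to hand over control
    return image

# Constructed sample data (assumptions, not real Xbox values).
ROM_KEY = b"constructed-secret-key"
ORIGINAL = b"STAGE2: verify kernel signature; jump kernel"
FLASH = keystream_xor(ROM_KEY, ORIGINAL)
ROM_DIGEST = hashlib.sha256(ORIGINAL).digest()

def patched_flash(known_key: bytes) -> bytes:
    """Flash contents after a decrypt / patch / re-encrypt round trip with a known key."""
    image = keystream_xor(known_key, FLASH).replace(b"verify", b"ignore")
    return keystream_xor(known_key, image)

if __name__ == "__main__":
    tampered = patched_flash(ROM_KEY)
    print("decrypt only  :", boot_decrypt_only(ROM_KEY, tampered))
    print("decrypt + hash:", boot_decrypt_and_hash(ROM_KEY, ROM_DIGEST, tampered))
```

The digest check only helps because the reference value sits in ROM, outside the flash that a key holder can rewrite.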


  • From XBOX-SCENE forums

    " An anonymous person at the German 23C3 Hacker Congress showed what could be an Xbox360 hack/exploit during one of the 'Lightning Talks'. Lightning Talks is a daily event at Chaos Communication Congress (C3/CCC). It consists in one hour of several short (limited to 5mins) talks.

    In a very short presentation a masked 'hacker' showed an Xbox 360 booting up King Kong (the game, by ubisoft). After loading the game a screen pops up showing an Xbox 360 logo, a Mac logo and Tux (the Linux Penguin) and the words "coming soon...". I also noticed a small PCB is hanging out of his Xbox360 and he's using a laptop (Apple Macbook pro?), but it's not really clear what he's doing with it.
    Those who followed hacking discussions might remember hackers did some research around the vector shaders in the King Kong demo on the Xbox 360 Kiosk Disc (that ran from recordable media). The demo (and final game too) allow to modify the shaders (they are not checked/signed). However no exploit to take control of the machine was found back then... so either this hacker found something here, or he's just showing us his custom modified shaders ;)
    That's all the details we got for now.

    If you don't believe the presentation was really given at 23C3, you can download the +560MB WMV video of the complete 'Lightning Talks' Day4 from the CCC mirrors (direct: mirror1, mirror2, mirror3, mirror4, mirror5, mirror6, mirror7). Forward to the 5th presentation and you'll find it there. However note that the video encoding is far from perfect and the audio seems to be broken/missing. The youtube video below shows just the Xbox 360 presentation, with audio:

    UPDATE1! Here are some updates from stuff people posted on our forums.
    Here's another footage of the presentation filmed by someone in the public.

    Some high-res pictures of the presentation. A bit easier to see that small PCB here. Pictures by Darkman at c3f2m.de:

    Also interesting is the official description of the presentation on the CCC schedule site:
    [QUOTE]
    Title: Consolen Hacking Suprise (XBox360)
    Language: German
    Speaker(s): Anonym
    Description: The XBox360 was live hacked in front of the audience - running Linux and Mac OS coming soon. Stay tuned - a Linux kernel is already booting..
    [/QUOTE]
    "

  • Mr. Cédric Walter, born on 3 October 1973, has been employed by our insurance company since 1 March 2000. For the period from March 2000 to June 2004, we refer to our interim reference of 30 June 2004.

    As an application developer in the Applications Basel department, Mr. Walter essentially performs the following tasks:

    • Use, further development and specialization of group-wide eBusiness platform components
    • Programming of eBusiness insurance applications using J2EE, XML, JSF (program for preparing offers in the individual life insurance area)
    • Maintenance and further development of the new infrastructure for the development of the individual life offer system
    • Participation in the evaluation of a new development platform for the development of the new presentation layer of the individual life administration system
    • Know-how transfer and support of ongoing projects.

    We know Mr. Walter as a conscientious and particularly trustworthy and responsible employee. He has excellent specialist knowledge and above-average technical skills, which enable him to solve even very difficult tasks. He always has excellent ideas, makes valuable suggestions, independently takes all necessary measures and carries them out successfully. Mr. Walter is resilient and delivers very good performance even under difficult working conditions.

    Thanks to his cooperative and friendly manner, Mr. Walter is valued and well liked by superiors, colleagues and customers.

    We are issuing this interim reference because of a change of supervisor that took place on 1 January 2007. We thank Mr. Walter for the valuable services rendered so far and wish him continued success and satisfaction.

    Helvetia Versicherungen.
    Human Resources + Services
    Dominique Bruat
    Team Leader, Applications Basel
    Monika Haering
    Head of Human Resources


    Basel, 31 January 2007