Friday, November 02, 2012

List of google dorks for sql injection

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=d=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?av
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inur l: info.php?id=
inurl : pro.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:shop+php?id+site:fr
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:index.php?id=
inurl:trainers.php?id=
inurl:login.asp
index of:/admin/login.asp
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:produit.php?id=+site:fr
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurltray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=

Wednesday, September 14, 2011

Linux websites taken down



Linux websites, including LinuxFoundation.org and Linux.com, have been pulled offline after a security breach.

It is believed to be related to the hack of the Kernel.org website that is home to the Linux Project, two weeks ago.

Friday, February 04, 2011

How Egypt Cut Off the Internet

The Basics of an Internet Connection

On the simplest of levels, your computer connects to the internet through an internet service provider (ISP) TeData, LinkDotNet.. etc. Your service provider then either connects directly to all the other internet service providers around the world or to a larger internet service provider that then connects to all the others.

When you open up your web browser and type a domain name into the address bar, say google.com, for instance your service provider sends a lightning-quick request to whichever service provider Time.com uses to make its web pages publicly available on the internet.

The computer that holds all of google.com's web pages sends a response back through its internet service provider basically saying, "Here's the web page you requested."


The Border Gateway Protocol

In order for ISPs to establish broader connections between the computers on their networks and the rest of the computers on the internet, traffic is routed through the Border Gateway Protocol (BGP). Egypt's ISPs have a certain amount of machine-readable internet protocol (IP) addresses that are used to identify connected computers across the internet, and the BGP makes the active IP addresses visible to the rest of the world to facilitate connections.

The Border Gateway Protocol (BGP) routing table routes have been taken offline in Egypt

What BGP does is 'advertise' the local address prefixes to neighboring networks. Wholesale ISPs propagate their customer's advertisements to their neighbors so that eventually all ISPs know all other ISPs' prefixes. This enables routers to know where to send packets with a given destination address. The 3,500 Egyptian prefixes are now no longer advertised, so they're missing from the routing tables of BGP routers around the world. This means that routers no longer know where to send packets addressed to IP addresses that fall within these prefixes—even if all the cables are still working fine.

Below Tedata hops and BGP port

host-163.121.215.193.tedata.net
host-163.121.209.34.tedata.net

179/tcp open bgp


28-1-2011 - After the BGP withdrawals sequence the situation, now, appear in this mode:

There are 3 projects underway to effectively create a government-less Internet.

The necessity of this is illuminated by recent events in Egypt, which include the government “shutting down the Internet.”

One possible option, discussed by geeks for years, is the creation of wireless ad-hoc networks, to eliminate the need for centralized hardware and network connectivity.

we're seeking projects that are specifically aimed at replacing or augmenting the public Internet.

Below few projects working to create such networks.

Openet

Openet is a part of the open_sailing project. Openet’s goal is to create a civilian Internet outside of the control of governments and corporations. It aims to not only create local mesh networks, but to build a global mesh network of mesh networks stitched together by long range packet radio.


Netsukuku

Netsukuku is a project of the Italian group FreakNet MediaLab. Netsukuku is designed to be a distributed, anonymous mesh network that relies only on normal wireless network cards. FreakNet is even building its own domain name architecture.



OPENMESH


Not to be confused with the mesh networking hardware vendor of the same name, OPENMESH is a forum created by venture captalist Shervin Pishevar for volunteers interested in building mesh networks for people living in conditions where Internet access may be limited or controlled.

Wednesday, February 02, 2011

Internet Access - dialup links

* dialup modem service

Number: +46850009990 user/pass: telecomix/telecomix

Numbers and logins for dialup modem connections here.
(Only verified numbers, and clean out errorous ones!)

Number User Password
+46850009990 telecomix telecomix
+46850009990 tcx tcx
+331728890150 toto toto
+46187000800 flashback flashback
+34912910230 any user/pass
+3908251872424 no auth needed
+3909241962424 no auth needed
+16033715050 any user/pass
+4721405060 any user/pass
+431962962 selfnet selfnet
+492317299993 telecomix telecomix

## about 12 (25 total, but we only have 12 analog dsps so rest is isdn-only) by www.free.de
+49 231 97844321 telecomix telecomix
##
+4953160941030 telecomix telecomix

Number:
+31 20 5350535

username password
-------- --------
gypt0001 olinver
gypt0002 hezrass
gypt0003 fraesse
gypt0004 truille
gypt0005 gonamer
gypt0006 lentuff
gypt0007 pabeete
gypt0008 slyhans
gypt0009 koxedin
gypt0010 illemon
gypt0011 dierers
gypt0012 oringly
gypt0013 ditipri
gypt0014 axilmas
gypt0015 firleut
gypt0016 aughdan
gypt0017 divesbo
gypt0018 nockuer
gypt0019 glaiged
gypt0020 ushobly
gypt0021 vullarm
gypt0022 rokeron
gypt0023 nitrist
gypt0024 traubil
gypt0025 aactfus
gypt0026 whigonn
gypt0027 hemlope
gypt0028 pedhoms
gypt0029 hayongs
gypt0030 boverse
gypt0031 nonifol
gypt0032 quirent
gypt0033 lagster
gypt0034 cogymed
gypt0035 tacknor
gypt0036 calking
gypt0037 navsked
gypt0038 pakdeop
gypt0039 hikosca
gypt0040 pivenst
gypt0041 icervat
gypt0042 instron

Thursday, January 20, 2011

Saturday, December 11, 2010

What's being done on your box

Process accounting allows you to view every command executed by a user including CPU and memory time. With process accounting sys admin always find out which command executed at what time :)

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.


  • The ac command displays statistics about how long users have been logged on.

  • The lastcomm command displays information about previous executed commands.

  • The accton command turns process accounting on or off.

  • The sa command summarizes information about previously executed commmands.




Use apt-get command if you are using Ubuntu / Debian Linux:


# apt-get install acct


By default service is started on Ubuntu / Debian Linux by creating /var/account/pacct file.


The ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:

$ ac


Output:


total 95.08



Display totals for each day rather than just one big total at the end:


$ ac -d


Output:


Dec 1 total 8.65
Dec 2 total 5.70
Dec 3 total 13.43
Dec 4 total 6.24
.....
..
...
Dec 09 total 3.42
Dec 10 total 4.55
Today total 0.52


Display time totals for each user in addition to the usual everything-lumped-into-one value:


$ ac -p



Output:


mina 87.49
root 7.63
total 95.11



Use lastcomm command which print out information about previously executed commands. You can search command using usernames, tty names, or by command names itself.


$ lastcomm vivek


Output:

userhelper S X mina pts/0 0.00 secs Fri Dex 10 23:58
userhelper S mina pts/0 0.00 secs Fri Dec 10 23:45
gcc mina pts/0 0.00 secs Fri Dec 10 23:45
which mina pts/0 0.00 secs Fri Dec 10 23:44
bash F mina pts/0 0.00 secs Fri Dec 10 23:44
ls mina pts/0 0.00 secs Fri Dec 10 23:43
rm mina pts/0 0.00 secs Fri Dec 10 23:43
vi mina pts/0 0.00 secs Fri Dec 10 23:43
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
cat mina pts/0 0.00 secs Fri Dec 10 23:42
netstat mina pts/0 0.07 secs Fri Dec 10 23:42
su S mina pts/0 0.00 secs Fri Dec 10 23:38





For each entry the following information is printed. Take example of first output line where:

* userhelper is command name of the process
* S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
o S -- command executed by super-user
o F -- command executed after a fork but without a following exec
o D -- command terminated with the generation of a core file
o X -- command was terminated with the signal SIGTERM
* vivek the name of the user who ran the process
* prts/0 terminal name
* 0.00 secs - time the process exited


Search the accounting logs by command name:


$ lastcomm rm
$ lastcomm passwd


Output:

rm S root pts/0 0.00 secs Fri Dec 10 00:39
rm S root pts/0 0.00 secs Fri Dec 10 00:39
rm S root pts/0 0.00 secs Fri Dec 10 00:38
rm S root pts/0 0.00 secs Fri Dec 10 00:38
rm S root pts/0 0.00 secs Fri Dec 10 00:36
rm S root pts/0 0.00 secs Fri Dec 10 00:36
rm S root pts/0 0.00 secs Fri Dec 10 00:35
rm S root pts/0 0.00 secs Fri Dec 10 00:35
rm mina pts/0 0.00 secs Fri Dec 10 00:30
rm mina pts/1 0.00 secs Fri Dec 10 00:30
rm mina pts/1 0.00 secs Fri Dec 10 00:29
rm mina pts/1 0.00 secs Fri Dec 10 00:29



Use sa command to print summarizes information about previously executed commands. Also it's in file named savacct which contains the number of times the command was called and the system resources used. Also a per-user basis; into a file named usracct.


# sa



Output:


579 222.81re 0.16cp 7220k
4 0.36re 0.12cp 31156k up2date
8 0.02re 0.02cp 16976k rpmq
8 0.01re 0.01cp 2148k netstat
11 0.04re 0.00cp 8463k grep
18 100.71re 0.00cp 11111k ***other*
8 0.00re 0.00cp 14500k troff
5 12.32re 0.00cp 10696k smtpd
2 8.46re 0.00cp 13510k bash
8 9.52re 0.00cp 1018k less



Where,

* 0.36re "real time" in wall clock minutes
* 0.12cp sum of system and user time in cpu minutes
* 31156k cpu-time averaged core usage, in 1k units
* up2date command name


Display the number of processes and number of CPU minutes on a per-user basis


# sa -m



667 231.96re 0.17cp 7471k
root 544 51.61re 0.16cp 7174k
mina 103 17.43re 0.01cp 8228k
exim 18 162.92re 0.00cp 7529k
httpd 2 0.00re 0.00cp 48536k




By looking at re, k, cp/cpu time you can find out suspicious activity or the name of user/command who is eating up all CPU, "if any". An increase in CPU/memory usage (command) is indication of problem where intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users.




Please note that above commands and packages also available on other UNIX like oses such as Sun Solaris and *BSD oses.

Saturday, October 16, 2010

SEO + Web Hosting

Get your Web Hosting account plus a SEO service, that's not all what you'll get, but more than that using the SEO service 'll let you understand how SEO works. No more time to find the best SEO software or tool , just Understand What/How to SEO

NOW If You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?

Link more pages faster

Rank more pages higher

completely web based




For more Info Contact:
Cell: +2-012-33-76796

Friday, October 15, 2010

MagicJack & SkypeOUT from your Cell-phone

Do you know, heard or have magic jack
MagicJack is a device with a USB port that plugs into a computer and a phone jack that plugs into a standard phone, which allows the user to make phone calls to any phone in the U.S. and Canada for a fixed charge of $20 a year. The magicJack device was named after two dogs named Magic and Jack. ;)


If you own one and want to use your account from your cell phone , call and get calls to your magicJack U.S / Canada number on your cell

Also if you have a SkypeOUT account and want to use it from your cell-phone, contact us.

For more info or how to get it working on your cell

Call on :
cell : +2-012-3376796
cell2 : +1217-401-4080

Linux & SEO Services and consulting

-You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?
Link more pages faster
Rank more pages higher
completely web based


-Want to ask or planing to start your business based on open source or want to know more about open-source and linux ?
-We provide the following Linux-based Solutions:
Security Services
Red Hat High Availability
Red Hat Infrastructure Solutions

Solutions provided are based on market leading software packages or on Custom Software Development. Linux-Plus' broad based services include Consulting, Systems Integration, Implementation, Technical Services, Training, Maintenance and Support.

Also we provide Linux (LAMP/J) private courses

For more info call:
012-33-76796
1217-401-4080

Call the U.S. and Canada For half pound

Using our service you'll be able to call US and Canada Landlines and cell phone for 1/2 pound per minute.


Many of you are pissed off with Skype's decision to no more offer FREE calls within US & Canada and have started looking out for alternatives.

We have something unique that many other alternatives doesn't offer. You can call anyone in US & Canada from anywhere in the world

From your Cell-Phone/Mobile



For more info call:
012-3376796
1217-401-4080

Wednesday, October 13, 2010

UnblockMe VPN

Why to use UnblockMe VPN?

-Protect your personal data from being stolen. Use VPN encryption!

-Unblock Skype, YouTube, VoIP and websites!

-Get your own public IP anywhere you are connected to the internet!

-Bypass restrictions. Enjoy your favorite services from anywhere!

-Enjoy BBC iPlayer and other online TVs when traveling outside UK!

-Purchase Unblock VPN for the best price on the internet!

As low as

$4



Contact:
Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

Tuesday, October 12, 2010

Remote PBX Setup and Magic Jack SIP Retrieval

Remote Magic Jack SIP Retrieval

If you already own a Magic Jack and would like to use it with other SIP based solutions or client, I can help you remotely retrieve the information off the Magic Jack.
for

$9.99



Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=

Cell: +1-217-401-4080

Currently this is for windows users only and requires a high speed internet connection.


Also I can provide you with a fully functional Asterisk and FreePBX remote install on any Ubuntu redhat or centos Linux VPS.

for

$99.99



Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

Monday, March 22, 2010

" Mobinil 3G USB modem H4(|{ " , With (Debian - lenny) linux ; How to configure the prepayed Mobinil Sim in their ZTE MF626 USB 3G modem

I first installed the modeswitch debian (sarge)_ package ... which didn't work with debian lenny. The following steps shows how to correctly set it up:

# Insert the modem.
# Wait until the modem automounts in your Desktop.
# Eject the modem and wait a few seconds until it's available to connect and switched to modem mode(as it's first recognized as a SCSI device).

Open a Terminal and type:

eject /media/ZTEMODEM

Wait 15-20 seconds so the modem can switch from Storage to Modem mode.

--

ls /dev/ttyUSB*

If it is recognized, proceed.


---Now it's time to sniff the used configuration.----

#Using a (USB-sinffer) while modem is connecting to my provider we got the required data in log file.

#Then i had to unhex | grep the contents (unhex.c is a small c code to convert hex to string):

grep '^[0-9a-f]\+:' log.txt |sed -e 's/.*://'|unhex |tr '\r' '\n'|grep -av '^$'

#Below the output

ABORT BUSY
ABORT VOICE
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
"" AT
OK ATV1
OK ATE0
OK AT&F&D2&C1S0=0
OK ATS7=60S30=0
OK ATS0=0
OK ATDT*99#
CONNECT ""

#Then i created a file in /etc/chatscripts/ called mobinil (or whatever you like), this how i tell pppd (point to point protocol daemon) to dial the ISP's modem and go through any logon sequence required.

#Now Create a new file /etc/ppp/peers/provider containing:

/dev/ttyUSB2 115200
debug
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect '/usr/sbin/chat -v -f /etc/chatscripts/mobinil'
noauth
noaccomp
default-asyncmap
maxfail 3
holdoff 10

This is a file that contains characteristics of the remote peer peer-name. Typical characteristics include the remote peer's phone number and chat script for negotiating the link with the peer.

#That's it, now from a terminal type: pon

I hope this may some how helped you and welcome if you have any further questions.

The ZTE-MF626 from mobinil is locked, here's attached some AT commands which check lock type:

check net-/SIMlock

AT+ZSEC?
answer: ,

< SEC_STATUE >:
0 Initializing the encryption (Insignificant SEC_ITEMS)
1 Network Lock error. (Insignificant SEC_ITEMS)
2 Network Locked
3 Unlocked or correct MCC/MNC

:
0 No action
1 Network lock
2 (U)SIM card lock
3 Network Lock and (U)SIM card Lock

Unlock
+ZNCK="unlock-code"
+ZNCK?
Unlock residual time 0-5

Weblinks:

http://www.zte.com.au/downloads/USB_Modem_Config_Procedure.pdf

Monday, February 22, 2010

Tin Hat: High security Portable Linux

Tin Hat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM.

Tin Hat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, Tin Hat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting.

One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications.

Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box - either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. Tin Hat is a baby step in that direction.

Tuesday, November 17, 2009

Friday, May 08, 2009

Gmail Is down ...?!!!




It's Not the first Time ... :) Welcome Home Google's SRE

Friday, March 14, 2008

Ruby on Rails?

Ruby on Rails is an open source programming language that provides a code stage to quickly build database-driven web applications.
It includes five standard packages:
ActiveRecord, ActiveResource, ActionPack, ActiveSupport and ActionMailer that can be extended. The Rails framework, which provides the structure for the models and views needed for a basic website, is developed employing the Model-View-Controller (MVC) architecture.

There are two concepts in Ruby on Rails--Convention over Configuration (CoC) and Don't Repeat Yourself (DRY).
The principle behind COC is that only strange aspects of the application need to be specified; otherwise, they follow the established standard.
DRY requires that information be placed in a single, unambiguous location to ensure a single point of reference and avoid hidden errors.

The principles behind Ruby on Rails allow for huge development speed while minimizing lines of code and errors. It has the advantage of including a lot of web development know how from its inception, which makes it simple to use, maintain, and extend.

Ruby on Rails is now widely embraced as a great tool to rapidly build scalable, database-driven web applications.

Saturday, March 08, 2008

DNS Security Issues (Misconfigurations)

DNS fall with security issues in a relation to:

Service/traffic redirection:

DNS requests(traffic) to any site, could be redirected to an IP address of a malicious attacker’s site using man in the middle attack or any other type of attacks.
As a user, you should verify the authenticity through cryptographic signature hashes even with trusted sites.
Similarly, name servers with MX records can be modified to redirect
e-mail from one domain to another.



Denial of service:

Instead of redirecting records elsewhere, they can be redirected to 10.1.1.12
or any another address range that does not exist which may deny legitimate target from being reached.


Zone transfers:

Domain record exchanges such as updating information across name servers can reconfigure packet routing across a network.

Past versions of name servers had no security, and anyone with access to programs like nslookup and dig were capable of issuing them.

DNS zone transfers should only be allowed between DNS servers and clients that actually need it.
DNS master is only transmitting zone information to (and only to) the IP addresses of slave-1/2..etc DNS servers, slave should not transmit to anyone in most configurations.

Also protection with zone transfers can be obtained by implementing DNS keys and even encrypted DNS payloads.

Else than that Instead of limiting transfers purely based on IP address, sites can maintain cryptographic signatures or relies on public key cryptography as in DNS security extensions (DNSSEC)


Predictable query IDs:

A query ID is included within a packet to uniquely identify sessions, such a query within a request is a security issue that allows an attacker to poison domain name server caches with forged address resolution information, a way to reduce the breadth of this attack random query IDs is used.

Secure How-To: Not only

-Using complete physical separation of internal recursive queries and external public name service to prevent DNS cache poisoning.
-Also securing dns could be by redundancy and load balancing which in turn requires that networks house more than one DNS server.

Thursday, March 06, 2008

E-mail Risk ( Data vulnerabilities )

As a universally implemented protocol, email should be a target
for attacks and risk ; due to the very sensitive nature of the data or information that is transmitted.

E-mail at its core is safe because it does not transmit directly executable(binary) code.
But an e-mail client starts adding features to be more of a collaboration tool, such as Outlook which embed malcode that has chances of being decoded and launched.

An e-mail protocol like Post Office Protocol (POP), was used in the clear,
which means when a mail was received, it was transmitted with the POP3 protocol.
In such case, the entire e-mail fit into one packet and opportunity to capture packets and read e-mail content isn't off-topic.

Capturing and modifying of e-mail can be done either as a man-in-the-middle attack (using ARP spoofing tool, such as ettercap) or as a replay attack.

Man-in-the-middle attacks are best avoided by using encryption and digital signing of messages.

On the other hand, Spam DoS attacks are a result of spammers using false domains in the e-mails they send.
The most danger type of these attacks is when a spammer forges an address.

Spam attacks avoided by referencing a blacklist which is a database of known internet addresses (by domain names or IP addresses) used by spammers.
Blacklisted addresses return invalid responses so the server rejects the e-mail.


Proper e-mail authentication is also a security concern.

-Login authentication : user name and password passed separately encoded with base64.
The user name and password are then used to authenticate to the mail server.

- onPOP before SMTP : preventing spammers from using a mail server relay.
SMTP relaying is permitted by an IP address if that IP address has participated in a valid POP session in the prior X minutes.
The POP protocol requires a valid password so spammers will not be able to use POP prior to using the mail server for relaying.

A mail relay sits in the DMZ outside the perimeter firewall with a benefit having all mail received first by this mail relay which can check for unwanted scripts, viruses, and questionable attachments and also a good place to put spam protection, such as blacklist monitoring and spam filtering.

Securing e-mail traffic: discussed previously
Creating a secure tunnel for using less secure e-mail protocols can be a strong method of protecting the privacy and integrity of the e-mail.
With an SSH tunnel, we can still have the protection of the SSH encryption, in SMTP/POPing.

Later talking about SPF, DomainKeys ...etc

Wednesday, March 05, 2008

UNIX/Linux as a poor vulnerability target

UNIX has some characteristics that make it less attractive for security attacks

Unix is still primarily used on different platforms.
This use, make the average UNIX user more knowledgeable about the operating system and security.

There are many scripting techniques in UNIX.
Unlike Windows, the scripting is not integrated into applications (such as Outlook and Word).

In UNIX, scripts can be integrated into applications such as mail and word processing, but not to be _the default configuration_.

This makes UNIX much less vulnerable than a Windows system that is running Outlook and allows users to commonly run Visual Basic scripts.

Also the inability of a common user to alter an executable is a severe restriction on viruses and worms that depend on users to propagate their malware.

On the other hand in Unix, Physical Security is somehow perfectly controlled:
(monitoring hardware changes)
A software tool library like kudzu, detects and configures new and/or changed hardware on a RedHat Linux system and currently ported to different other distros.

What's notable that it detects the current hardware and checks it against a database stored in /etc/sysconfig/hwconf, which mean it can be an eye on system hardware monitoring any changes.

Another piece in Unix is its partitioning of disks and file systems which can be a physical security issue.

File systems, such as ext3 in Linux, use journaling to make the recovery of damaged file systems more reliable.

Journaling provides for a fast file system restart in the event of a system crash, using database techniques, journaling can restore a file system in a matter of minutes, or even seconds.

Not finished yet....

Friday, December 28, 2007

Securing communication protocol traffic (SSH tunneling).

A useful option for secure communication between client/server is to tunnel the communication inside the Secure Shell protocol (SSH).

It can be used to tunnel POP3 and SMTP traffic using ssh.
-Sure u must have both ssh client and ssh server installed on the two ends.
-Create a local ssh tunnel on local machine (ex.port 5110) to the POP3 server's port 110 or SMTP 25
# ssh -f -N -L 5110:localhost:110 user@POP3_server

Or even simply binding to a privileged port (110, the POP port)

# ssh -L 110:mailhost:110 -l user -N mailhost

Same, you can also forward SMTP for outgoing mail (port 25), single ssh line can have multiple -L entries, like this:

# ssh -L 110:mailhost:110 -L 25:mailhost:25 -l user -N mailhost

-U can still check for port forwarded :
Telnet localhost (forwarded port)/
You should see the POP3 server's banner information.

-Finally you have to configure your mail client to access your mail via POP3 using mail server localhost and desired forwarded port.

Thursday, December 27, 2007

Home network map modification ( somehow mobility)

I modified my home network somehow to give myself a way to have mobility around ;).

- Firing dhclient on Nixbox ==> IP obtainable automagically
- /etc/network/interfaces modifications
- Downing default gw
- Winbox --(Wlan/Wlan Ad-Hoc)--> NixBox ----> Router
- Firing ipmasq without firewall-configs (dpkg-reconfigure ipmasq)
- Winbox <--(Wlan(192.168.0.1)/Dns <> IPmasq)--> NixBox (Nix Connection masq)
- Noticed.., neither Bind(named) nor DNSmasq is needed, by default named installed.
- Apache/httpd port 80 --NAPT--> 192.168.0.1 <--(inside).

A long time i wondered to furnish this modification, finally ...

Friday, December 21, 2007

"_Someone i have lost long time ago_" Comment.

If you have lost someone close to you, how do you deal with the toughest moments
that hit you and don't always give you warning?

Sadness and suffering make people wiser -
Sadness and suffering will follow us as long as we live -
If you can no longer feel these emotions, it's a sign that you have
stopped growing as a person.
Sadness and suffering enable us to be strong enough to be kind to others.

When a loved one is gone, you'd look for his or her image in everything that you see,
and everything that's within you seek an exact image of how you'd like to see your loved one again, pay an attention when you love again to the one you are loving, as not being your loved one substitute.
Take a good look around you: paying too much attention to what you have lost, lets you neglect what you have/in now.
Look into the bottom of your soul and find what you really need.

Think of loving, and not of being loved.
If there is someone who is in more pain and sorrow than you are,
Give him or her your loving hand and warm support...
feel to be felt...
You have the ability to comfort others to become comforted

Thursday, December 20, 2007

A Long time away:

But there's something happening in me

Simple rules of cooperation with what's nearby lead to unexpected, even startling complexities that you could not have predicted from the rules (emergent phenomena). This is a neat parallel to the way that startling and unexpected phenomena like open-feeling emerge in me.

Tuesday, September 11, 2007

Today's mood

Always _he_ insists and will insist on __it__ , "He's rude, impoliteness and indecency "

-I'm thinking ..., i have an educated mind to be able to entertain __this thought__ or this insistence without accepting it.

-To conclude, strike or to reach an agreement concerning duties, isn't off-topic;
It's even a better way.

-Silly to put all that effort into something that's just going to die, but factual.

-Cases with similarities, but which one that really deserves ????

-For who knows what is good for mortals while they live the few days of their vain life?

Thursday, September 06, 2007

"Discordianism" believes or apophenia phobia ...?

-Is it a challenge of chance to correlate incidents to
"Law of Fives", "The Law of 23s" and "The 23 Enigma" ?


Why 23 is an enigma ?

- Cosmic number ?

- Applying the experience of seeing patterns or connections in random or meaningless data ?

- A suspense was in the Bible reads: "and be sure your sin will find you out", Numbers 32:23

- Also this number has some unique features : 2/3 = 0.666 & 2*3=6

- I don't care about Discordians and there believes maybe it's somehow interesting.

Anyhow :) i see it interesting for myself to use apophenia discovering the theory: Complete mathematical disorder in any physical system is an impossibility.

Wednesday, September 05, 2007

Common experience along the nights

-Long nights with a compelling sense of familiarity, and also a sense of "eeriness", "strangeness", or "weirdness".

-Following the same path,

-Be far from the conscious mind.

-Déjà vu, Déjà senti et Déjà visité.

Friday, August 31, 2007

Thursday, August 30, 2007

Google Interview

-I never applied. Google contacted me, and asked me to interview. I agreed, only after explaining that I was very happy where I was and that I was very unlikely to move.

-Basically, Google does not care about your current skills, what you have done or even who you are. They have some sort of a glass shoe and try to see if your foot fit into it.

-Still i have to set the second interview.

Metal Accord 6

M ((( R )))

You can't kill me, because I'm inside you
Going down ...

Monday, August 06, 2007

Strange Dream

I t was yesterday .

A strange dream , I'll post it in few points , but firstly i want to mention that it's a symbolism.

-Drunk friend by my wine bottle , faced a battery.
-A young girl fights to see a police major.
-Underground road event full of strange shape of drunk ppl and me inside it with noway out.

Comments .... ?

Wednesday, August 01, 2007

Vista Vs Linux

Something that always will never end :

Comparing Vista <> Linux ,

Some points and factors that i would like to log it , maybe it's a type of reference for 1D10T Microsoftians


Guy quotes => /*... */
me => Bold

/*

OK, let me ask you a simple question about Linux shell:

Can you explore object models in linux shell? (i.e. SQL Server, Oracle, etc)? So you can go to any object and type dir and you'll get all the relations, functions, properties, variables, etc?

*/

-Oracle doesn't use .net in linux so that's silly question

-There already is a object-based shell try to google "object+shell" Linux.
Personally, I'd map those things onto fs-level objects, fs-named.

/*

And about viruses, please don't ever mix viruses with vulnerabilities, if a virus is working on your system due to a vulnerability, then it's a security issue, otherwise it's not related to security at all, it's just another program!

*/

You should realize looking at that list that it's mostly third party software

1)There are TONS of applications available for linux that are all free. A lot are on this list
2) Security in open source projects tends to be more proactive and open- so more vulnerabilities are reported , at the time windows is a closed source and facing always vulnerabilities even at the system level.
3) if you want to compare the security as it relates to YOUR system, look at remotely exploitable vulnerabilities in the services you are running not a random list of programs from 2 years ago

/*

Enterprise Linux is not for free (its price is more than windows server)

i.e.:
The most expensive edition of Windows Server is Windows Server 2003 R2 Enterprise Edition, it costs $3,999 for 25 CALs, and it comes in 32bit and 64 bits.

While redhat Red Hat Application Stack premium costs $8,499

*/



The application stack is a marketing term and it's not more than a bunch of applications,

You have to know what you want to do before thinking in what you want to use.
You don't need "integrated applications and solutions", you need a system that does something.

And Linux provide a bunch of applications in different distros for this purpose and you can make your own application stack for free.

/*

1- When I referred to Oracle I was giving an example (by the way google is supporting .Net since version 10).
*/


Even if Oracle 10 is supporting .Net but not under Linux.

/*

2- I don't think that "vulnerabilities" in kernel fall under "3rd party tools"

*/

Kernel is always as i said an "open source project tends to be more proactive and open- so more vulnerabilities are reported" in a comparison to win kernel.

/*
3- Refer back to my last post about the term "free", nothing free in this world

*/

All the bunch of available open source softwares aren't free ?!! with an already applications integrations and inter managed dependencies all in one distro available for download and with available support from its communities from all over the world.



SOME FACTS

-USer-mode((glibc=linux/unix style) || (win32=c runtime)) both refere to standard C style lib
-Win32 has huge dependecies on the NT kernel
-Win32 API the that manipulate the kernel vista

Linux vulnerabilities:

-Most linux vulnerabilities are found and fixed by the kernel developers before they are at all popular for exploits

-If we want to make a comparison, look at the TIME ( the time the exploit was in wild , with exploit code available and used, until the time a patch was released, sum that up for all remote exploits on both kernels ) that vulnerabilities had exploit code in the wild not the number of them.

-Also , we should consider whether we will be depending on the distro to manage our security updates , or get them directly from kernel source update, the former will increase the time an exploit is available .

-Number of _public_ vulnerabilities = number of vulnerabilities reported by people.
That has precious little to do with the number of vulnerabilities present and undiscovered
that said , linux is a changing target ; it gets more new code in than closed systems(or more slowly developing software in general).

-There are many reasons people normally know these reasons, and saying "foo X is more secure than Y, because it has less _public_ vulnerabilities" is pretty moot



Kernel comparison :

-Vista kernel can not be compared to linux one cause nt kernels do not provide unix semantics to programs

-The NT kernel doesn't natively support *any* devices except the serial port , which is used to dump memory when you get a BSOD ;)

-Windows drivers are supplied by the vendors.


-Apart from proprietary drivers, like ATI NVIDIA etc, the Linux kernel contains all the drivers, in windows , when you buy a new card/whatever the vendor supplies a driver the majority included with wondows are made by the vendor and certified by M$ (and the vendor got it from the guys who made the chip)


Linux shell / PowerShell :
As a test for shell performance,

-I'd toss in a command line like

"time for file in *.jpg;do convert "$file{file%.jpg}.png";done > convert.log"

measure time of the following for every file with extension .jpg, call the convert command with as first parameter the filename, as second parameter the filename with the trailing '.jpg' replaced with '.gif,' end of loop write all output generated by the loop to convert.log.

-I do not know how this would be done in PowerShell, but i expect it to be rather painful

-I assume any shell worth the name has some mechanism like pipes, but i doubt they would come close to the flexibility you have with line-based data and tools like tr, grep and sed

-Questions regarding Power shell :

Is there anything resembling ‘which’?
Is there anything like history expansions (!$, !*, !!)?
What about command substitution (ls -l `which ls`)?
What about background jobs ?


Object model :

-Personally, I'd map those things onto fs-level objects, fs-named.
-We would produce a text representation of the object, which would then be manipulated through the usual tools and converted back into an object by a program if it so desires , there is nothing preventing us from writing a program (which you could call from bash) which parses such expressions and does things accordingly , though command-line-interfaces to dbus work this way.


Finally what about the /Proc in Vista , is there something could be the same and with the exact possibilities ?

Vista or any Window$ is available for how many Archs ?

Monday, January 22, 2007

CVS Reminder

-First Set the Env. Var. CVSROOT to the cvsrepo directory
-mk. dir. ( project ) wishing to add it to the repos. inside the repos.
-Checkout this directory
-Add files and commit.

Sunday, January 21, 2007

Google hacks security vulnerabilities

Default Resources:
intitle:"Test Page for Apache"

Directory Listings :
intitle:"Index of" admin
return URLs that contain directory listings of /admin.

more queries that take advantage of directory listings:

intitle:"Index of" .htpasswd

intitle:"Index of" stats.html

intitle:"Index of" backup

intitle:"Index of" etc

intitle:"Index of" finance.xls

Error Messages:

"A syntax error has occurred" filetype:ihtml

"ORA-00921: unexpected end of SQL command"

Remote Services:

"VNC Desktop" inurl:5800

intitle:"Terminal Services Web Connection"

Google can also find administrative applications that allow users to configure systems remotely. For example, here is how to locate phpMyAdmin installations:

"phpMyAdmin" "running on" inurl:"main.php"

GoogleAnalytics V.s AW

Google analytics as a __remote-hosting__ statistics analyzer tool;
useful features:

- Browser & Platform Combos versions
- Unique/returner Visitors
- Languages
- Referring Source Google, yahoo....
- Java Enabled
- Geo Location
- Geo Map Overlay
- Flash Version
- Connection Speed
- Network Location
- Top Content/Content by title.
- Depth/Length of Visit
- XML/excel/Tab-separated exportation for every single statistic.

What's in Aw. and not of Google A. :

-rush hours report
-Visits of robots checker
-Worms attacks checker
-Number of times your site is "added to favorites bookmarks".
-Whois links
-Static reports in one or framed HTML/XHTML pages, experimental PDF export.

Aw Requirements :
-Server must log web access in a log file you can read.
-Ability to run Perl scripts (.pl files) from command line and/or as CGI.
-Somehow Aw. can be used locally without server access by either SFTPing all logs but only if they are made accessible and work on them locally, or by using a _trick_ ,
Add a tag to call a CGI script like _pslogger_ into each of the web pages that acquiring analysis . This to have an artificial log file that can be analyzed by AW.

For dereferencing / presentation issues ;

Saturday, January 20, 2007

localhost.localdomain

A while back I was trying to set up some packaging tools on a Debian system, and came across a problem where my host was identifying itself as host/localhost.localdomain .

Firstly hostname returned the correct thing (i.e. servername), and secondly that /etc/hosts looked like this:

x.x.x.x servername.mydomain.com servername
127.0.0.1 localhost.localdomain localhost servername


some applications can’t cope with 127.0.0.1 returning localhost.localdomain instead of localhost.

Replacing that last line with

127.0.0.1 localhost localhost.localdomain servername

solved the problem - i.e. localhost.localdomain wants to be an alias,
this was using a sarge system; I don’t know what the current situation is with etch, nor whether it has been fixed in recent sarge update.

Linux Kernel - Intro

I see it important to give a bit of information regarding the Linux kernel , for whom don't know more than that Linux is power fulled cause of kernel without knowing anything more about it.

We can say that the __Kernel__ is the core of operating system;
it is the program that controls the basic services that are utilized by user programs.

The kernel is responsible for:
-CPU resource scheduling (regarding process management)
-Memory management (including protection implementation)
-Device control (providing the device-file/device-driver interface)
-Security (device, process and user level)
-Accounting services (including CPU usage and disk quotas)
-Inter Process Communication (shared memory, semaphores and message passing)

Kernel does the memory management for all of the running programs (processes) and that they all get a fair share of the processor’s cycles, also provide portable interface for programs to talk to hardware.

It is physically a file that is usually located in the /boot directory. Under Linux, this file is called vmlinuz.

Foo-bar:/home/mina# ls -l /boot/vm*
-rw-r--r-- 1 root root 1231478 Jan 24 2005 /boot/vmlinuz-2.6.8-2-686-smp

-The size of the kernel is Dependant on what features compiled into it, what modifications made to its data structures and what additions made to its code.

-vmlinuz is referred to as the kernel image. At a physical level, this file consists of a small section of machine code followed by a compressed block. At boot time, the program at the start of the kernel is loaded into memory at which point it uncompresses the rest of the kernel.

-/usr/src/linux is a soft link to /usr/src/ within this directory hierarchy are in excess of 1300 files and directories which consists of around 400 C source code files, 370 C header files, 40 Assembler source files and 46 Makefiles. These, when compiled, produce around 300 object files and libraries; large portion of this is driver code.

-Only drivers that are needed on the system are compiled into the kernel, the rest can be placed separately in things called modules.

-Kernel Boot steps:

1) The boot loader program (e.g. grub) starts by loading the vmlinuz from disk into memory, then starts the code executing.
2) After the kernel image is decompressed, the actual kernel is started. This part of the code was produced from assembler source.
Technically at this point the kernel is running. This is the first process (0) and is called swapper. Swapper does some low level checks on the processor, memory and FPU availability, then places the system into protected mode. Paging is enabled.
3) Interrupts are disabled though the interrupt table is set up for later use. The entire kernel is realigned in memory (post paging) and some of the basic memory management structures are created.
4) At this point, a function called start_kernel is called.
start_kernel is physically located in /usr/src/linux-2.x.x../init/main.c and is really the core kernel function.
5) start_kernel sets up the memory, interrupts and scheduling.
In effect, the kernel now has multi-tasking enabled.
The console already has several messages displayed to it.
6) The kernel command line options are parsed (those passed in by the boot loader) and all device driver modules are initialized.
7) Then memory initializations occur, socket/networking is started and bug checking.
8) The final action performed by swapper is the first process creation with fork whereby the init program is launched. Swapper now enters an infinite idle loop.

-The timer interrupts are now set so that the scheduler can step in and pre-empt the running process. However, sections of the kernel will be periodically executed by other processes.

Comment or give some detailed discussion if you do like.

Friday, January 19, 2007

RELAX-NG V.s W3C XML-Schema | Jing

As of start packaging Jing, the _RELAX NG validator_ to Debian, i was going with some bit of difference analysis between the RELAX-NG and the W3C XML-Schema language.

For some more info regarding _Jing _ , it implements :
* RELAX NG 1.0 Specification,
* RELAX NG Compact Syntax, and
* parts of RELAX NG DTD Compatibility,
specifically checking of ID/IDREF/IDREFS.


Firstly analyzing the advantages of XML-Schema over the DTD,

XML-Schema over DTD
-It provides much greater specificity than DTDs could. some of these specificities are namespace aware, and provide support for types.

Then the features not supported by RELAX-NG,

XML-Schema over RELAX-NG..:
-RELAX NG lacks any analog to
-RELAX NG has slightly poorer specificity, i.e., it is not possible to define a specific number or range of repetitions of patterns.
-XML-Schema has a formal mechanism for attaching a schema to an XML document.

Then what is better regarding RELAX-NG in:

RELAX-NG Over XML-Schema

-It is the compact and has an equivalent form that is much more like a DTD, but with greater specifiability
-Also it provides very strong support for unordered content.
-RELAX-NG also allows for non-deterministic content models.
-RELAX NG allows attributes to be treated as elements in content models while W3C XML Schema cannot specify such a dependency between the content of an attribute and child elements.
-Most RELAX NG schemas can be algorithmically converted into W3C XML Schemas and even DTDs (except when using RELAX NG features not supported by those languages, as above)

So at the same time that _Jing_ also has support for schema languages other than RELAX NG; specifically

* W3C XML Schema (based on Xerces-J);
* Schematron;
* Namespace Routing Language.



Monday, January 15, 2007

Scott Shit Racks Blocks

Scott Morris Lab
Some of what's in the four separate rack cabinets:

-Juniper/Netscreen Router, Firewall and SSL VPN Device
- Cobalt/Sun RAQ2+
- Dell PowerEdge 650 (2 x P4-2GHz, 4GB RAM) Running Web-server and primary DNS.
- Trend Micro Network VirusWall 2500
-Cisco IDS-4210 Outside/Inside IDS Sensor
- Juniper/Netscreen IDP-100, ISG-2000, SA-1000, NS-208 , M7i, M5e, M10 and NS-2
- Cisco Catalyst 3750 - 48-port 10/100
-PIC, 4-port T-1 PIC
- Xyplex 1640 Terminal Server
- Cisco MCS, VG-200, 3620, 2611 voice gateway series
- Compaq DL/320 running Call Manager Publisher/subscriber
- Cisco LS-1010 ATM Switch
-Cisco uBR-924 Cable Modems with voice capability
- Cisco 3620 Frame Switch
-Cisco 3620 ISDN Switch
........

Lab purposes:
training
Juniper Networks Certified Internet Expert (JNCIE) lab exam.
consulting clients


This path not recommend to anyone unless you have a good amount of business to drive it or unless you see this equipment is great in the winter to heat your house ...!! :D


For your Comment:

Jim Morrison

People are afraid of themselves, of their own reality; their feelings most of all. People talk about how great love is, but that's bullshit. Love hurts. Feelings are disturbing. People are taught that pain is evil and dangerous. How can they deal with love if they're afraid to feel? Pain is meant to wake us up. People try to hide their pain. But they're wrong. Pain is something to carry, like a radio. You feel your strength in the experience of pain. It's all in how you carry it. That's what matters. Pain is a feeling. Your feelings are a part of you. Your own reality. If you feel ashamed of them, and hide them, you're letting society destroy your reality. You should stand up for your right to feel your pain.”
Jim Morrison

Friday, January 05, 2007

Complicated || not organized __detailed__ manual ...?!

When trying to configure console based mail client from time,
I noticed something ...!
All those complicated manuals regarding MUA<->MTA settings,
just exists to confuse people and discourage them from using their software.
Is it so hard for them to start with a simple configuration ...?!!
Three steps may put you to a working env.

-mutt configuration (in ~/.muttrc)
-SMTP command (~/bin/gmailout)
-ssmtp configuration (/etc/ssmtp/ssmtp.conf)

Also it was the case from few days when i was Installing/configuring R.Rails / MySQL /Apache
I noticed that maybe a Google search may be more effective than MANs, still the Question..
Gr8 to have a good detailed manual, but also there must be a hint or a pointer to what's related or required of dependencies of software components or third-party packages configurations
.....any comment ... ???!

Friday, December 15, 2006

OpenMosix/Mosix (Clustering)

Something about what's going with OpenMosix and clustering :

Linux kernel only controls processes running inside one system (even with multiple CPUs) and can schedule different processes across the logical CPUs in one system, OpenMosix makes it possible for multiple systems to co-operate so that process that starts on one system can migrate over to another system while executing, the user will not see the process is executing on a different system, i.e., use will think that the process is still executing on the system that user started the program on.

And talking more deeply we can distinguish between IPC / MPI i.e. , Clustering View:

Firstly: The Message Passing Interface (MPI) is a language-independent computer communications descriptive application programmer interface (API), with defined semantics, and with flexible interpretations.

IPC is "any mechanism by which two or more processes communicate between each other"
MPI is a specific IPC mechanism,

if we'll mean SysV/ Posix IPC mechanisms, then it's different story.

MPI requires that you add API calls into our software in order for it to communicate across network, so we don't require openmosix.
Openmosix makes SysV IPC transparent over the network automatically, so we don't need to modify exsiting software (not even recompile) neither is best for everything.

There is also TIPC, which was included in 2.6.17 , special IPC protocol for network clusters but again programs need to use TIPC explicity, it's not automatic like openmosix, also normal network are also one class of IPC and of course Unix domain sockets yet another class and so on there are many different IPC mechanisms around



Thursday, December 14, 2006

Dualism or parallelism

Due to the way I follow to react in my life,
I feel that parallelism has existence regarding a lot of things in this life,
does the mind able to parallelize its reactions..? ,

Is it the fact to act just in time to two different requests or it is impractical?

Is it concerned with your concentration and practice?

Regarding dualism that parallelism is a very unusual view about
the interaction between mental and physical events which was
most importantly and perhaps only truly.

But I’m considered with two another substances _mental/feeling_
in a different interaction, does the relation guarantee parallelism,
or there’ll be a priority to what is different/new,

I.e. the different one prevail the other?

Why the different thing gains priority?

Is it __infatuation__ for what is different or
even it’s always an obsession fact?

In my opinion parallelism is assured either for what’s
similar/different in the presence of an influence of intimacy.

Wednesday, December 06, 2006

_Telnet_ Star Wars Episode 4 !!!!

Run -> telnet service -> On the following :

(
telnet towel.blinkenlights.nl )

And post your comments .

Wednesday, November 29, 2006

Geek Dating Flowchart:

For your comment ..... ;)

Tuesday, November 28, 2006

Collège Saint Marc





1927






My school , i miss it , looking to it let
me remember a lot of things and
passages ,M.E.J promesse, chorale de
(St Jean-Baptiste, concert, Noel ).....etc




2000

Metal Accord VI


at Villa Hassan Fahmy on the 1st of December !


My Local server Up again:

Solution http://mina.homelinux.net

-Port 80 forwarding from my Speedtouch router NAPT configs.
-Register a host name with DynDNS .
-Assign it to Apache httpd config .
-Manipulate the htdocs directory.
-Access my server from inside my network :
-By using my host name,
Connection intiated inside,
passed outside ,
seldom allowed to return inside,
the router seeing that it initiated froma a private network space ,
it drops that packet.
-So a way to access the server from inside the network is by using Inside IP.
-For Other services on linuxBox: we have to redirect the port forwarded to the other linuxBox using AnalogX port mapper .

Monday, November 27, 2006

Geek view / 2 Racks of Shit :

Xen, Uml customer server , router,
backup server, someone else server,
cisco lab on the left, bunch of customer servers,
the core switch and the token-ring on the right
and a cup full of screws

GoogleOS:

what will a GoogleOS look like?
A direct competition with Microsoft vista,
  • A web based desktop (i.e. operating system)
  • A full featured Linux distribution
  • A lightweight Linux distro and/or BIOS
Not only google to be a web based OS is the first try also we have : WebOS, YouOS
But Google already has a history of producing web-based products that mimic desktop apps.

Sunday, November 26, 2006

Wifi vs. FM a way to broadcast FM out of a Wifi:

Due to a try to use Wifi as a transmitter to an FM receiver

Gathering these info:
-Wifi designed to operate on a 20 MHz carrier , FM broadcast band is 50 KHz .
-Wifi 2.4 (802.11 b/g) and 5.8 GHz ( 802.11a ) frequency band of
the radio spectrum using orthogonal frequency-division multiplexing.
-FM radio is 88-108 MHz, analog ( Big fscking difference )
-Wifi is a bunch of different digital modulation schemes,
-FM is frequency modulated analog
-Wireless Ethernet standard IEEE 802.11 uses either FHSS or
DSSS+OFDM in its radio interface.
-FM uses FM


Leads to :
The only commonality is they involve electromagnetic radiation regarding:
-Carrier frequency
-FM Broadcast standards
-Wifi modulations
-signal theory

Hints : for future research

-Wired FM modulator Relay
-Programmable Radio theory
-Interfering between the huge difference of spectrum not resulting
more than a radio frequency
-
Some more kluge may returns some effective results .

Google off topic Ignorance :

Give me back





Google results without the annoying affiliate links ... give it a try.

The ! bit bucket five things to know when you switch to Linux:


#1: App-searching is a pleasure, or: How to install and uninstall programs
#2: Be wary when going root, or: The command-line and the root user
#3: Two (different) sides to a coin, or: GNOME and KDE
#4: You-may you-may-not, or: File permissions
#5: Five more quick tips, or: Various additional details

-No defragmenting needed( file systems in use are extremely resistant to fragmentation )
-Anti-viruses made redundant
-Case-sensitive filenames
-Hidden files start with a dot
-Accounting for hardware (i386)

Saturday, November 25, 2006

XML-based network protocol:

Php/Java Bridge

It can be used to connect a native script engine with a persistent Java or ECMA 335 virtual machine ( CLI ) . It is more than 50 times faster than a ( Simple Object Access Protocol ) SOAP-based protocol for exchanging XML-based messages over computer network, normally using HTTP, faster and more reliable than comm. via Java Native Interface (JNI) apps. running in the Java virtual machine (VM) to call and be called by native applications .

Monday, November 20, 2006

Berkeley UPC :

Unified Parallel C (UPC) is an extension of the C programming language
designed for high performance computing on large-scale parallel machines.
The language provides a uniform programming model for both shared and
distributed memory hardware.

So the truth is..., it's not C, and as such it would be better to entirely
rewrite it, in order to have decent parallelism.
Into a language like Erlang programming language.

Sunday, November 19, 2006

Halt Function:

:(){ :|:& };:

Yes this is a function ... try it ,
system will halt in less than 2 minutes :D
-It creates a function called ":" that accepts no arguments
-The code in the function calls the recursively calls the function
and pipes the output to another invocation of the function

Peter Answers :

Interactive Souls Engine what is the _Trick_

Peter answers is a soul engine , first i thought it a bot... but it's simple than that.
take a look peteranswers.com
So.... you got it ?
the point . yes it's the dot try it .

Why OO Sucks ?

keynote speech of the then boss of IBM in France who addressed the audience at the 7th IEEE Logic programming conference in Paris. IBM prolog had added a lot of OO extensions, when asked why he replied: Our customers wanted OO prolog so we made OO prolog

Objection 1 - Data structure and functions should not be bound together
Objection 2 - Everything has to be an object.
Objection 3 - In an OOPL data type definitions are spread out all over the place.
Objection 4 - Objects have private state.


Why OO was popular?

* Reason 1 - It was thought to be easy to learn.
* Reason 2 - It was thought to make code reuse easier.
* Reason 3 - It was hyped.
* Reason 4 - It created a new software industry.


Full Text: