Hey all, this post will be a shorter one. Not too much to talk about today, but I do have a bit of an insight into the new Apple iPhone firmware update.
After having my iPhone for the past month or so, I’ve found very few problems with it. In fact, I’ve never had a problem yet.
Well, that’s not completely true. I’ve never had a problem until earlier this week, when the new firmware was released. After about 24 hours of running my phone, I noticed two significant changes. First of all, my battery life was dropping faster than a kid coming off of a caffeine high. Secondly, my phone took a whole 3 seconds (yes, three – I counted) to respond to the “slide to unlock” bar. Those were two things that I was not willing to put up with.
After doing some reading up on the subject, I noticed that I wasn’t alone. Some people blamed the firmware, while others blamed the users. I blame both; clearly the issue wasn’t universal. A hard reset (ie. not using the “slide to power off” slider) seemed to be a temporary fix, but I wanted something more permanent. It seemed the only way to fix this was to do a DFU factory restore. The only catch is that when your phone restarts, you have to create a new phone profile, and NOT restore an existing backup.
The process was relatively painless. I only lost a few photos and my text messages (I’d love to have a way of backing up text messages!), but aside from that I got all of my old data back after loading it on again. The reset seems to have done the trick; here’s hoping it stays that way.
On September 1st, Microsoft released a security advisory regarding an exploit that was discovered in their IIS FTP service, which you can find here. In short, the vulnerability allowed servers which allowed anonymous write access to be compromised.
Opening up my email, I notice the vulnerability in my inbox, and a message attached asking me to find all the servers in the government which might be vulnerable to this exploit. Now, as you can imagine, it’s not like there’s 50 servers in the government. This isn’t a situation where you go to each server manually and check for the vulnerability. This worked out to be a perfect situation to use nmap.
Nmap, as I had mentioned last post, is a security scanner. It’s powerful: really, REALLY powerful. There’s so many command line switches that they have to use two characters for a lot of them, and they’re case sensitive as well. To top it all off, it also provides scripting support. In layman’s terms, you tell it to jump, and it asks you how high, how many flips it should do, what music should be playing in the background, and what the acrobat’s costumes should look like. You get the picture.
Anyways, the task was put before me to determine which servers were vulnerable, and how many FTP services could simply be turned off. After acquiring a list of IP addresses of assets, I sorted the list, changed each IP to refer to the class C subnet (255.255.255.0 or /24), and remove duplicates. I then came up with a list of IPs which had an FTP service. Some had closed ports, and others were filtered. Some of them were also open. A few quick grep commands and I had narrowed down the list to open Windows boxes. Below, I have the nmap command that I used to find all the servers with FTP running on them. I’d be curious to see if anyone has come up with a similar command that might be useful for this same purpose, and where improvements can be made.
./nmap -T4 -PS21 -p21 -O --max-rtt-timeout 200 --initial-rtt-timeout 150 --min-hostgroup 100 -oG /tmp/WindowsFTP.grep -iL ../WindowsServers24
For this Monday’s blog post, I’d like to stray a little from my typical technology discussions and focus on something far from that: dance. Not just any kind of dance, though. I’d like to quickly discuss swing dancing.
This might seem like an odd topic for a geek to discuss. After all, I’m supposed to be glued to my computer, make obtuse references to nerdy shows and movies, and have a natural inability to talk to women. While all of the above may or may not be true (heh), I also found myself two years ago to have an interest in swing dancing, thanks to a friend who convinced me to go to the University of Manitoba Swing Dance Club (UMSwing) open house (thanks Jacklynn!). Although initially I didn’t think I would enjoy it that much, I found myself addicted by the end of that open house, and walked out that night with a full membership. I’m still shocked that I’m even capable of dancing, but regardless, it’s a great way to get some exercise, meet new people, and get out of the house.
Two years later, and I’m on the executive committee for UMSwing as their omnipotent web administrator. I’ve met a lot of great people through the club, and by being on the executive committee, I can hopefully give back to a club which has helped me a lot. One of the events that is happening in just over a week is this semester’s open house, which I will be MCing. The club puts on one open house per semester, usually within the first few weeks. We pride ourselves on being able to teach anybody to dance, regardless of skill level. You don’t need to bring a partner to dance with, and you don’t need experience. We do some demos, teach you basic Jive, and do some social dancing. Oh yeah, and there’s a bunch of prizes that we will give away.
- Multi-Purpose Room (MPR), 2nd Floor University Center, University of Manitoba
- September 16, 2009 @ 7:00pm – 11:00pm
- No experience required!
- No partner required!
So, if you have nothing to do that night, come out and enjoy yourself.
UMSwing’s classes tend to be geared towards beginner swing dance. If you happen to have swing experience, HepCat Studio is a swing studio that is starting up today at 6:00pm. The first class today is free, and they will teach both beginner and intermediate swing dancing. You can find their website over at http://www.winnipegswing.com.
So, I will continue with random technological rants and whatnot next Friday. Methinks that my next post will probably discuss my upcoming server build and the parts involved. Although I had posted on it a while back, I’ve solidified my decisions for the next server incarnation. It will be awesome. Very, very awesome.
Looking forward to going to work Is a feeling that I’ve never felt before this week. It’s an odd feeling, and one I don’t know if I will ever completely get used to. Of course, I’m sure the feeling will wear off after a while.
In the past week, I have gotten a number of experiences that I would not have gotten any other place. My first two days were spent trying to break into a web application on a VM. Although I managed to get access to a few things, I never really got that far.
Today presented a similar scenario. In a virtual network, there were a number of computers: some desktops and some servers. I had to gain access to some “fianancial information” hidden on a server, using exploits in the other machines to gain access. Although I needed a few hints here and there, I managed to get the sensitive information using a variety of tools, including two kernel exploits, sqlmap, Nmap, Metasploit, and RainbowCrack. It was a really fun experience, and I’m glad I got to take it for a test drive.
The icing on the cake for today, however, was using a decompiler to disassemble a fake program requiring activation and bypassing the registration. From the information gathered we made a keygen using 3 different methods. Doing so requires a bit of smarts and a lot of assembly knowledge, which is something I don’t have a lot of. With some help though, I managed to crack the registration, which was an exhilerating experience.
These experiences are pretty much all thanks to Ron Bowes, one of the guys I’m working with. I’d call him an IT Professional (he’s certainly skilled enough), but he might laugh at me for such a remark. The virtual network was all designed by him, and he walked me through the application hacking, showing me every step and how it was done. I certainly have no intentions of using any of that knowledge to break the registration information for any program for any reason other than my own personal development, but it was still a really amazing experience. He keeps a blog on his homepage (I’m mentioned in a recent post), and it’s certainly an interesting read.
A final thing that I’m working on at work is a suitable replacement for Burb Suite, which is an application for attacking web applications. It’s a really powerful program, but there’s three main problems with it: it’s closed source, you have to pay for it, and the Swing interface is god-awful ugly. Other free utilities lack in either power, the user interface, or both. So, upon approval from a supervisor, I might be helping to develop a free open source alternative which would be released into the public domain. We’ve decided to program the backend in Ruby, and so far it’s going really smoothly. In just one day I almost have the proxy designed, and I’m looking forward to getting the backend completed.
All in all, work is great so far. Getting paid to do something you love is amazing.
Well, I start my new job today at Manitoba IPC. Next post I’ll talk about that, but seeing as how I will have only been working for about 3 hours by this point, I won’t have much to go off of. In the mean time, here’s a couple amusing sites if you have nothing to do and feel like burning some time.
We’ve all come to realize that IRC chat rooms are the source of a lot of junk online. It also tends to act as a cesspool of stupidity, amusing stories and typos that end up embarrassing somebody and also providing entertainment for quite a while. QDB is a collection of submitted quotes from IRC. Many are obscene, some are geeky, and most will probably cause you to at least giggle a little. (For more, check out http://bash.org).
Lifehacker, although one could waste plenty of time on it, will hopefully help you streamline your life. The site provides a number of tips to improve productivity or perform certain tasks by a cheaper alternative means. It’s kept in my daily reading because of some of the ingenious things that they come up with.
TED’s slogan is “Ideas Worth Spreading”, and that is certainly what they do. The site is filled with over five hundred talks about science, technology, art, psychology, and many other topics. Some of the most amazing ideas have come from TED talks. I guarantee that if you like to be amazed, this site will chew through your bandwidth like a teething puppy.
Create an account, tell it what you’re interested, and click Stumble. StumbleUpon finds a page which matches your interests. That’s what StumbleUpon is all about. For each page you visit, you can tell it if you liked it or not, and it will further refine your Stumbles. I highly recommend the Photography topic.
I shouldn’t need to tell you what Wikipedia is. If I do, you need to educate yourself. Wikipedia is the one big free encyclopedia online. It’s accessible, it’s full of information, and covers every topic imaginable. The best part: it has a Random Page link. Click the link, go to a random page, and repeat.
In my area of the city, we recently underwent construction on the busiest 4-way stop in the neighborhood. Every rush hour, the intersection was the main source of congestion, and traffic backed up on to Bishop Grandin. So, they decided that a roundabout would be a better option rather than the 4-way stop.
It was a good idea; they are very common in Europe, and help traffic flow smoothly and evenly. The intersection has been open for less than a week, however, and I’m quite concerned with the performance of it so far. I can conclude one of two possible reasons for this. The first option is that people simply aren’t used to this new intersection. The other option is that we as drivers are too primative of a society to use such an advanced technology. For some reason, I feel compelled to go with the latter of the two options.
One thing that might cause this opinion is the lack of confidence that I have of Winnipeg drivers. Sorry Winnipeg, but we have terrible drivers. Really terrible. As in, if I had a choice, I would stay off the roads entirely. That would unfortunately cut down on a number of opportunities that I’m not willing to pass up, such as the ability to go out and buy food.
Thankfully, there are other ways out of my neighborhood. Perhaps I will stick to those routes until those who venture through said intersection can be trusted. Something about living makes me feel all warm and fuzzy inside, and I very much like to feel warm and fuzzy.
Over the next few weeks, there will be a lot changing in my life in many different aspects. I expect it might be an interesting experience.
As many of you may know, I run a site called H2H Security Group, which has been an ethical hacking knowledge base. Over the past few months, there has been little-to-no contributions to it, and it doesn’t seem reasonable to keep the site up and running without any participation from other members. My interests have also shifted (matured, if you will) to encompass development-related topics rather than hacking, and I believe that another style of site would suit my interests more than this one. As such, I have decided to take down H2H. It was a hard decision to make, but I believe that my knowledge and expertise would be more suitable in a development site. Therefore, rather than simply removing a part of myself from the internet, I have decided to replace it with a development site. I realize that there are a lot of them out there, but this is something that I am much more passionate about, and will coincide much more with my interests in web development. Hopefully I will be able to attract more people interested in topics similar to this.
H2H spent a lot of time up and running because of its members. Specifically, I need to personally thank Aaron Goldsmith (aka AltonRashmire) and Sam Jenkins (aka Satal Keto) for their donations, dedication, and hard work. Their support, both technically and monetarily, has meant that H2H has survived for much longer than expected. They have earned both my respect and my friendship, and I will no doubt keep in touch with them, hopefully on my new development site.
One thing that certainly held H2H back was the hosting I went with. I have been with Lunarpages for 2 years now, and I have decided to move on due to lackluster tech support (a phone call I made to them which was not toll-free resulted in me yelling at the person because he was completely unaware of the DNS exploit which resulted around that time which crippled my site) and significant downtime as of late, which has been severe enough to even take down their own site. Add to that the additional costs for simple things like installing SSL certificates, and you have one unhappy customer. I am now starting a web hosting company with a few friends, which will be an eco-friendly web host. If you are looking for a good deal on hosting, contact me; mention this blog post, and I’ll take $1 off per month, which works out to 20% off (this offer good until the end of September 2009). I’ll bring you more information on the new host when it is purchased.
Finally, I start my new job in a week and a half, at the Manitoba Information Protection Centre. I have been looking forward to this for quite a while, and I expect it to be an amazing experience. This will certainly be a great learning experience, and definitely be a great source of income, which will be needed to fund my technology addiction.
That’s all for now. More later. Sorry for not following my schedule. I’ll work on that.
In the last part on my series of upgrades I will be doing to my car, I thought I’d focus a little bit (although not entirely) on the electrical components in my car. As you may remember in the first part, I talked about the sound system I put in my car and the homebrew neon lighting I tried out. In the second part, I mentioned the neon upgrades and the paint job that I was toying around with.
Although I already did accent lighting, I’d like to look at expanding it a little more. I had previously mentioned that I was going to add more neon lighting, but I’m also going to look into lighting up the running boards. Although my car is a red/maroon and my neon lighting is blue, I think I’m going to go with red LEDs along the boards; red and blue accent lighting together should look pretty nice. Since LEDs tend to run at an optimum voltage of 2.5 volts, I can get about 5 in every series, since a car runs on 12 volts. I’d like those to turn on when the doors open. Since they will be wired in with the door light, I can force them to turn on just like if I wanted the door light to turn on. I would also like to replace the door light, glove compartment light, and dashboard lights with LEDs (blue, white, and white respectively).
For exterior lighting, I’d like to also replace those with LED lights. They’re much brighter than conventional bulbs and use less electricity, which in turn improves fuel efficiency. Although I’m not sure about the headlights, I’m sure I can replace all of the other bulbs, and potentially make the enclosures clear, since the bulbs will be colored the proper colors. I’d like to get nice headlights as well, but I don’t know if they’re available for my car. But, if I can find ones that fit, I can take them out when I get a new car, and if they don’t fit I can sell them and get part of my money back since they last forever.
The last thing I’d like to look into is redoing the upholstery. The seats are boring and bland, but the front ones are an irregular shape, which may make finding seat covers difficult. I already found a faux-leather seat cover for the back bench seat which will look nice, and I also picked out black-with-red seat covers for the front seat, pending that they’ll actually fit. If it proves to be difficult, I might end up doing alterations to them with a sewing machine.
And thus completes my plans for my car. Since it didn’t cost me anything and it’s not exactly new, I think it’s a reasonable time to try a few things out and see what works and what doesn’t. That way, when I get a nice car, I can do some customization on it and not be worried about destroying something.
My car, a 1994 Plymouth Acclaim, was given to me by my grandpa. At the time, I wasn’t entirely sure that I wanted it. After all, it looks like the only person that should drive it should be someone who is 80+ years old (which, as it stands, is fitting for my grandpa). Don’t get me wrong; I’m grateful to have it, and it runs amazingly well, but it makes me feel old. Not “old” as in 25 years old, but “old” as in 60+ years old.
That being said, I’ve done my best to make it my own. Last post I made, I mentioned my sound system, which has received three solid upgrades since I got the car. Although I put a fair amount of money into it, I’m okay with that because everything I put in I can remove in a few hours so that it can be put into my future new car. Next upgrade I did was install some neon lighting inside, which looks amazing, even in my car. I like it so much that I’m going to be putting more inside. Even simple things like getting nice windshield wipers make the car look that little bit better.
I do have some other plans, however, and I’m hopeful that they’ll turn out well. The next thing I’m going to try is painting the car interior.Not all of it, but just the vinyl frame around the interior of the car. As far as customization goes, it’s pretty easy to go. I’ll be using a basic, flat black spray paint, and I’ll do each part one at a time, and hopefully it will make the car look a little sleeker. The entire interior is an off-gray, and I think it needs something to make it look a little sharper. While I’m at that, I’ll also touch up the paint on the outside with one of those touch-up pens. There’s a few nicks in the paint that I’d like to clean up, and it will certainly make the car look cleaner.
The only other thing that I might consider paint-wise is to paint the exterior of my car. My dad actually made the suggestion, which caught me a little off-guard. Regardless, it would be a great learning experience, and could potentially make my car look better. Depending on how creative I felt, I could maybe look into doing a custom design on the side of the car. I think I lack both the creativity and dexterity to pull off something like that, though. I think it would be really fun to learn how to do that, though.
I have a few more things up my sleeve, which I’ll go into next time (I promise next time will be my last car upgrade post for a while). I have a few electrical and fabric things for next time, which I hope to work on this summer.
Due to the recent success I’ve had from getting a job (see a future post) and me having slightly more money than I expected to have at this point in the summer, I decided I would do a bit of celebrating and treat myself. Although I could have looked into purchasing some of those upgrades I need for my server, I decided that I would put a bit of money into my car.
When I first got my car, it was all factory parts. Although it’s old and have no intention of putting any more money into the car than I have to, I decided that it needed a better sound system. I had a simple logic behind this: any sound gear that I put into my car, I can pull out in a few hours when I get a new car. My first purchases when I got my car were a new deck and speakers for the interior. Within a month, I had hauled an old amplifier out of my basement (which was found in the middle of the street) and bought the cheapest sub woofers I could find (2 10″ subs with enclosures for $70), and put those in my trunk. After those subs got stolen (the joke’s on them – those subs were crap!), I decided that I would do an upgrade – to a Sony 800W amplifier and a 1000W Pioneer Premier 10″ sub, and a Stinger 1 Farad capacitor to help with the powering of said system. My system has been like that for about 9 months now, and I decided that I would put new parts in.
I decided that I would get two 6″x9″ speakers, enclosures, and another Sony 800W amplifier to power them. Although putting the speakers in the trunk would initially seem like a ridiculous idea, I left enough slack in the wiring for them to be pulled out of the trunk for public events where portable sound is needed, such as any Lindy Bombing events that UMSwing puts on. Although I had to remake some wires (and I almost ran out of wire to use!), installation went off without any problems.
One thing that I was toying around with and decided to do as well was to try putting neon lighting in my car. Now, this would normally be a waste of money for an old car like mine. After all, who wants to spend a few hundred dollars on StreetGlow? But, I assure you I didn’t spend that much. In fact, I only spent $40. Rather than buy glow designed for cars, I decided that I would simply use Cold Cathode tubes from Logisys. It required a bit of wiring hacking, but I managed to put two 12″ tubes in my trunk and two 4″ tubes in the front dash by the feet. So far, it looks amazing, and I’m going to get more later to replace the old lights in the car with LEDs so I can actually see things in my car.
I also replaced the windshield wiper blades with some snazzy-looking red ones to go with my car, but that’s not particularly important. After studying today I plan on doing a good cleaning of the interior and possibly the engine. I’m also going to get a paint touchup kit, but that’s for another day. I’ll be sure to post pictures of my trunk (and the neon) soon.