Haven’t updated this blog in a while, so here’s a minor update; The BackTrack 4 Final Release is out! If you’re not entirely sure what it is, read up on the website of this fabulous pentesting toolkit.
I’ll be testing it over the next few weeks, see if I can write up some interesting pieces on how to use it.
I’ve just read 2 very interesting articles on NetBIOS poisoning I feel like sharing.
Since those 2 links explain it all, I can only recommend reading them. Thoroughly. :-)
Here’s a fun piece of software by SysInternals: BlueScreen. It does what the name implies:
Bluescreen is a screen saver that not only authentically mimics a BSOD, but will simulate startup screens seen during a system boot.
* On NT 4.0 installations it simulates chkdsk of disk drives with errors!
* On Win2K and Windows 9x it presents the Win2K startup splash screen, complete with rotating progress band and progress control updates!
* On Windows XP and Windows Server 2003 it presents the XP/Server 2003 startup splash screen with progress bar!
Now that’s cool! :-)
Here’s what I’m planning to do, in my run for world domination and incredible wealth (this plan aims mostly for the latter part).
Does the above sound familiar to anyone? Seriously, no?
It’s what our customs services is doing, right now. I’ve ordered two online products recently, and was happy they arrived within the week (go ThinkGeek.com!). It wasn’t cheap, as I had to pay some pretty fancy shipping costs too. It got even more expensive, as I later received two seperate bills to pay additional fees (point #3) because customs decided they should check my packages and re-charge them, without my consent (point #2).
With a business plan like that, I’d have retired a long time ago.
Screw you customs, screw you.
Today, I was lucky enough to be able to experience a TEDx Brussels conference, a local (independant) spinoff of the popular TED. In case you’re unfamiliar with the concept of “TED”, here’s a brief description.
TED is a small nonprofit devoted to Ideas Worth Spreading. It started out (in 1984) as a conference bringing together people from three worlds: Technology, Entertainment, Design. Since then its scope has become ever broader.
In short: it’s a conference about innovative people, talking passionately about their idea. This years slogan was “Burn The Box“, instead of just thinking outside of it.
Since I unfortunately arrived 45 minutes late (that’s a definate shame on me scenario) due to horribly traffic in Brussels and a chronic lack of parking space, I missed the first talk – and arrived only just as Nicholas Negroponte was descripting the OLPC program.
Nicholas Negroponte: One Laptop Per Child
I was excided to hear his talk (and glad I ventured a 500m spring in order to get there in a reasonable timespan), because of the effort and publicity that has gone in the One Laptop Per Child (OLPC) project. Nicholas Negroponte explained not only the concept, but since the launch of the project nearly 1.2 million XO laptops have already been distributed to third world countries, allowing for a great “show and tell” – living proof the project works. With it, truancy has dropped from staggering 50% to nearly 0%. Children are motivated to go to school, and learn more. Every XO laptop also has access to 1.6 million E-books, right off the shelf. It’s an amazing tool for education, that has already shown great improvement in the way children today can learn.
The motivation Nicholas has shown during the presentation, and the amount of energy he can poor into the project, really is mind-boggling.
David McCandless: Information Is Beautiful
Our current situation (newspapers, internet, radio, television) give us a largescale information overflow. It’s up to us to manage that information, and if it were up to David McCandless, we’d use our ability to visualize data to help us with that. A very interesting and practical view of the visualization of abstract data, in order to detect trends, and make the data more readily available to anyone.
The notion of “perception” or “awareness” is based by some key factors: our vision, our taste, our sight, … The combination allows our mind to combine those senses into something we are “aware of“. Something that can have meaning to us. By using new methods of displaying data, beyond the classic Pie Chart/Bar Charts/…, we can more easily identify problem areas, place ideas into context, draw comparisons, explore timelines, … Some interesting examples from him are The Billion Dollar Gram, Left vs Right and Mountains Out of Molehills. Each gives unique insight into topics that would otherwise just be a collection of boring data. It gives meaning to otherwise meaningless data.
Conrad Wolfram: I Calculate, Therefore I Am
Another person of great interest, mathematician Conrad Wolfram, who is largely responsible for the highly innovative search engine Wolfram Alpha, as well as the computational software program Mathematica. The presentation talked about the mystery revolving the following question: “Is it cheating if I use Wolfram Alpha for my homework?“. While it does seem like a fairly simply question, the implications are profound. He makes the claim that our current education of math is fundamentally wrong by teaching us only the methods to calculate, and not the tools to do so. While there’s a general basic knowledge of math we should all possess, we can make much greater progress if can we learn to use the computational tools available. Our current education fails in the sense that we cannot put math into context, where the practical use of math to most is not immediately relevant.
Noam Perski: Carbon Neutral Clouds
While you’d expect a mostly environmental talk, his presentation was largely about the concept and advantages of Cloud Computing. Since TED is classically a technically skilled audience, the concept could be explained exactly as it is – without having to place everything into a metaphore (which is something that’s caused a lot of confusion about the ability of cloud computing nowadays). The obvious advantages were discussed (consolidation, power saving, optimization, pricing, …), as well as the evolution towards cloud computing and Amazons EC2 product. Since I’m very familiar with Cloud Computing (both due to work, and personal interest), I could greatly sympathize the subject.
Djamel Laroussi: Three Marabouts
The musical intermezzo was provided by Djamel Laroussi, a leftie guitarist. An amazing display of improvisation on stage, as well as a general musical experience. He though himself how to play the guitar, but bought himself a right-handed guitar and played it left-handed – without switching the strings (which means he new plays the guitar “upside down”). A wonderful show!
Here are some movies that might inspire you:
A break from the classic 2/4 rhythm, and an entry into the 3/6 african rhythm music.
For The Talks I’ve Missed
Above are just a few of the innovative talks I experienced. There were great others given by
While I’ve left out quite a few as a detailed description, it’s worth noting that every talk was impressive and kept us hanging on every word mentioned. Since I’m more biased towards tech-savvy subjects, I’ll be mostly sticking to those.
So?
TED stands for interesting presentations, given by passionate people. It’s about reaching out, and meeting new people – networking. It’s an inspiring event, that I feel can be summed up in the following quick comparison:
I’ll be there for next event, where the slogan is “Great Balls Of Fire” as inspired by Jerry Lee Lewis.
Like some million others out there, I watched the Chrome OS Open Source presentation on several of youtube’s movies, and have mixed feelings about its use in todays world. For reference, here are some interesting videos you might want to look into.
There’s a wide variety of design documentation out in the open for you to look into, as well as the source code itself, for you to evaluate. There’s also a developer build Virtual Machine for VMware’s Player, that you can download and boot up – to get the look ‘n feel right. If you want to run it in VMware’s Server, you’ll need to convert the machine first.
Chrome OS is counting on the following events to further expand:
Trends in the industry leading to the Chrome OS
In Chrome OS: every application is a web application. That’s the power, and the weakness of Chrome OS. While there’s a trend of moving all applications towards the web, and I’m no big fan of it. There are the obvious advantages (easier administration, one place for storage, backups …), and the obvious disadvantages (security, lack of ownership, lack of browser capabilities, …). You’ll have your standpoint on this, I’m sure – this is just how I feel.
When is Google OS useful to you? When you donate all your privacy concerns to Google, and “migrate” to “the cloud” – using all Google Applications that run in your webbrowser. GMail, Google Docs, Wave, … are all webapplications that run great in a browser, and it’s a focus of Google – but it’s not a focus of 95% of all the other software being developed. You’re limited with Chrome OS in ways you’ll only realize as soon as you use it. And then you’ll switch back.
*Edit 23/11*: TEDx Brussels is over, I’ve posted my findings in the following post: TEDx Brussels – My Box Is On Fire. Oh, and in case you got here by a Google Redirect, the TEDx Brussels website is currently offline!
Last week I received confirmation I could go to TEDx Brussels, the local spinoff of popular TED. Today, I received the “code” to which we should behave that day, and I’m looking forward to it!
DRESS CODE
The uniform of TEDx is a smile; an optimistic attitude, (TED is called DAVOS for optimists!). There are no suits and ties at TEDx, even if the venue is the European Parliament. It is not the spirit of TED.LAPTOPS
Leave your laptops at home. It is a nuisance in the parliament. Security will ask you to check it in and you will have to fill in forms with serial numbers. Painful. Avoid it.PHONES
Telephone. Let’s all make this promise: no cell phones ringing during the performances and talks. You will be reminded to switch off your phones before you enter. It is very annoying for speakers and for the audience. Never have I heard any cell phone during any of the TED events. Let’s not do it in Brussels either.CAMERA AND PICTURES
Pictures and video during the event are strictly forbidden. You can shoot outside the main hall during the generous breaks.THE MAGIC OF TED AND TEDx
As TEDsters, it is customary at TED events (and by extension at TEDx events) that you should meet as many people who attend. Do not leave anyone standing alone. Go up to him/her and get acquainted. This is some of the magic of the TED concept: you HAVE to meet people, it is not something you CAN do, you MUST. You can fill in your TEDster profile @ www.ted.com This is where other people will find you.RESPECT THE SPEAKER
During the TEDx event you are expected to stay through the whole event. Do not walk out, do not leave. It is too mind-blowing an experience to miss this and the speakers are from all over the world and get precisely 18 minutes to talk to you. Respect this. Give them your full attention. It is supposed to be the talk of their lives.18-12-60-100
Every speaker can only talk 18 minutes. A series of talks will not be more than 100 minutes. Every break will be 60 minutes. The whole event will take 12 hours (nine to nine), breaks, lunches, receptions included.
Bring it on!
Ever heard of MetaData? Wikipedia describes it best:
Metadata (meta data, or sometimes metainformation) is “data about data”, of any sort in any media.
So I hear you thinking: who cares? Well, for starters: you should.
MetaData contains a lot more information than “data about data”. Documents such as .PDF, .DOC, .XLS, .PPT, … contain information such as
If you’re still saying “so what?“, ask yourself the following question: should this data really be public? Should everyone really know my username to my computer? Or everyone who contributed to a certain file? Or where I saved it, and what software I used?
If I were a malicious person, I could use that information for a targetted attack: I can send you a phishing e-mail, with the name of some of your colleagues in it, or one of those names as the FROM-address, so it looks legitimate. I could use that software version number to attach a very specific software exploit, so I can gain control over your system. I can use your username to brute-force your password.
See a trend there? The MetaData is giving out a lot of info that can be abused, and there are plenty of ways to get it. Consider our good friend Google for a second, they have some very nifty filters you can use in order to search efficiently. Ever searched for the string “site:microsoft.com filetype:doc“? It gives you a list of all .DOC files, found on the microsoft.com site.
Guess what information is in those files?
Revision info, for everyone who worked on a file:
revision history – Revision #7: Author ‘benjaxxx’ worked on ”
revision history – Revision #6: Author ‘waly xxx’ worked on ”
revision history – Revision #5: Author ‘Steve xxx’ worked on ”
revision history – Revision #4: Author ‘waly xxx’ worked on ”
revision history – Revision #3: Author ‘waly xxx’ worked on ”
revision history – Revision #2: Author ‘waly xxx’ worked on ”
revision history – Revision #1: Author ‘waly xxx’ worked on ”
revision history – Revision #0: Author ‘waly xxx’ worked on ”
Paths used in that computer:
H:\SQL\SQL70_sp2\Langs\Spanish\updated_Readme_Localised\test\
\\MULTIMED-SERVER\WWWROOT\Peru\ftpfiles\
C:\WINDOWS\TEMP\
\\Dolphin\adcu\IDEAS\
And the list goes on!
By using publicly available information, I can get enough information to get an idea of the internal layout of a company. And I haven’t even set foot inside it yet. Tools such as Metagoofil simplify the act of getting this information, by searching Google for you – and extracting the metadata.
H:\SQL\SQL70_sp2\Langs\Spanish\updated_Readme_Localised\test\ \\MULTIMED-SERVER\WWWROOT\Peru\ftpfiles\ C:\WINDOWS\TEMP\ \\Dolphin\adcu\IDEAS\
If you need to copy large files in a Linux environment, you would usually use the cp command. Makes sense, since it’s to copy files. The downside: you don’t know how far you are within your copy. You can toggle verbose mode with ‘-v’, so when you’re copying several files you know which are done, but there’s no single-file progress to be seen.
Using rsync, you can. And it’s available on nearly every linux release, too.
Here’s the syntax difference:
cp <oldfile> <newfile>
rsync --progress <oldfile> <newfile>
rsync would then look like this:
It gives you an estimated time remaining, as well as a speed indication. And it shouldn’t affect your total copy time by that much, either.
I don’t often write something personal (and before you remove this site from your RSS reader, I won’t be doing that too often), and usually keep things tech-savvy, but this I felt I had to share. It’s about happyness, romanians, body language and charisma.
Say what?!
Let’s start at the beginning. I work at a Belgian hosting provider, which is located in the Port of Antwerp, one of the biggest in Belgium. Working late one friday evening, I decided to grab a bite at around 21:00h. Night had fallen, the sky was totally black. I walk outside our office building, and find a man walking around aimlessly, holding his (fairly bald) head together with his two arms. He’s obviously in distress.
He slowly walks to me, and starts talking rapidly in a foreign (at this point, undefined) language. I couldn’t understand a word he was saying, but saw him pointing at a piece of paper with an address on it. The Sherlock Holmes in me deducted he probably had to be at that address, instead of this abandoned office building late at night. The big yellow truck behind him probably gave away that clue, too. I read the address, but had no clue where it was.
At this point, I normally would’ve gotten in my car with built-in GPS, and just drove home. Screw him. Would that make me a prick? Would you trust a trucker late at night, when you’re all alone?
Having rememberd the movie Yes Man, I felt like saying “yes” for a change. Let’s do a good deed, and help this lad out. Using body language that would’ve impressed quite an audience, I guided him to my car (and I think at this point he was probably thinking “should I trust this IT guy late at night, when I’m all alone?“), forcefully removed the paper with the address from his hands, and entered it into my GPS. He saw the route he had to take, but somehow couldn’t orient himself to get there, despite my best efforts at Dutch, French, German, English and Sign Language. Probably because I was confusing all 5 of those amongst eachother, making it complete gibberish.
In between this hectic explanation, he managed to get the following phrases out, in several other languages other than my own: “been looking for this address for 3 hours”, “am totally lost”, “am from Romania”, “come from Holland”.
Still thinking about that movie, I figured it was time to show this Romanian man true Belgian hospitality. Using yet more sign language, I managed to get him to take his truck, and follow me in my car – while I was following the GPS to his destination. Once we arrived to the place, entirely in the middle of nowhere in some obscure ally in the Port of Antwerp, he was still lost. The company name his cargo was addressed to, was nowhere to be found. Lucky for him, in that same street is an emergency hospital, that is open 24/7. Since I, after nearly 30 minutes of die-hard interpretation, managed to understand where his cargo needed to go, I thought I’d go to the hospital and ask for directions.
Unfortunately, the only person there at that time, was performing some kind of surgery on a man having just injured his head. Thinking my timing could’ ve been worse (it could’ve been a woman having injured her head, for instance – in stead of a man), I asked this doctor where the heck this romanian guy had to be. He couldn’t point me in any sensible direction either, so I took my newly found Romanian buddy out for a walk, in the dark streets of the Port. We walked around the block, in search of his drop-off address.
He then managed to utter the word “coffee”, and pointed at his truck. Now that’s where he hit the motherload: coffee. As an IT-er, I know my coffee. I practically live off it. He had to deliver my sweet, sensitive and addictive coffee to one of these warehouses. We then walked the block again, but in a slighly different way: using our noses. We litterely sniffed the air. I guess it was around this point that I was starting to feel silly, walking around with a total stranger who doesn’t understand a word I say, inhaling deep breaths of air inside a Port. Death was imminent, I could feel it.
But then it struck us both: a soft smell of coffee entered our nostrels, and entered our minds. We could actually smell the warehouse, my plan had succeeded (granted, it was above all expectations). Two minutes later, we found the warehouse – which some genius forgot to label properly to get the company name on it.
All in all, we spent about 45 minutes searching his address. He had spent the last 3 hours in panic, because he did not deliver his cargo in time. He would’ve spent an entire night in panic, if I had decided to just go home. The moment that man saw his destination, it seemed like he could finally breath properly. He actually sighed with relief, and was truely, and sincerely, happy. Walking back to his truck, he showed me a map of the surroundings someone drew for him, so he could find directions. It contained about 3 lines, all highways not even remotely close to where we were.
I helped that man. From panic to happyness, in a mere 45 minutes. I dare challenge any shrink to do the same.
del.icio.us
Recent Comments