vrijdag 24 mei 2013

Read a Mac CD in Ubuntu

Nothing special, but always handy if a i-dude comes over with his music but which was formated for his MAC.

How to mount?
First you need to make sure that you umount the disc in case it got automounted.

umount /media/<username>/<volumename>

Problem is that we not always know which format was used, so let's start to guess:

sudo mkdir /media/test
sudo mount -t iso9660 /dev/cdrom /media/test
ls /media/test
sudo mount -t udf /dev/cdrom /media/test
ls /media/test
sudo mount -t hfs /dev/cdrom /media/test
ls /media/test
sudo mount -t hfsplus /dev/cdrom /media/test
ls /media/test

Most probably you will be lucky to find the right format and you can start abusing the disk :-) LET's PARTY...

donderdag 16 mei 2013

Raw Data-Mining: using Wget with TOR

The overall goal of the data mining process is to extract information from a data set and transform it into an understandable structure for further use. Raw data-mining can be seen as ripping all information from a database. This will result in a hugh amount of traffic on server level, causing latency on the provided webservice. Therefore some sysadmins have configured their servers to block the IP which starts demanding a hugh (abnormal) load for a certain timeframe. To bypass this protection, we should make a system which uses a different IP for each request. For this TOR might become handy. At least if this serverfarm is not blocking the TOR exit nodes. :-)

With scripted data-mining, we want to use wget to rip data and tunnel it through TOR anonymous network to avoid IP blockage at the serverfarm? One way to do it is to use wget, TOR, and Privoxy to get what you need.

Explanation: Tor is a SOCKS proxy in which your date is sent over a network in a pretty anonymous fashion. The problem with tor is that it does not offer a http proxy which is what wget can use. So to get around this you can install Privoxy which will allow you to connect to TOR via a simple HTTP proxy.

So, lets get started.

Step 1 - Install the stuff
you can install all you need with the following command
sudo apt-get install -y tor tor-geoipdb privoxy

Step 2 - Configuration
There are a few things that need to be configured.
1. /etc/wgetrc
Find line starting with: #http_proxy =
Replace whole line with: http_proxy = http://localhost:8118

2. /etc/Privoxy
Add the following to the top of the file
listen-address localhost:8118
 forward-socks5 / .

Step 3 - Start every thing up
sudo service tor restart; sudo service privoxy start

Now when you use the wget command your data will be tunneled through the TOR network. you'll notice when you run the wget command that you will see a line like the following
Resolving localhost...
Connecting to localhost||:8118... connected.
The :8118 shows that your connection is going to Privoxy which in turn goes to TOR.

Note: You download speeds will be significantly redued due to the fact that your data will be tunneling through the TOR network. The configuration of TOR is not in the scope of this article.

donderdag 9 mei 2013

Does your payslip contain confidential information?

Would you trust a real estate company when buying a house? Especially if they ask to provide your monthly payslip for finance reasons?

Of coarse we do. We want that house and/or we need the money that we do not have. :-) So we provide them the payslips and trust in god that all remains confidential.

And then there is the almighty Google who sees it all.

Seems that omnicasa.com is providing real estate agencies the ability to have a software in order to manage their business. To maintain pdf's containing real estate information. But some smart salesperson also seem to have put the payslip of 1 of his customers online.

Naughty naughty boy.

I'm pretty sure more payslips are available on internet (just caught 2 others flying by during lunch) Some people getting a lot of money, others not.
But what I fear the most... I have a lot of personal data. RRN, adres, ... I smell Identity Theft !

BTW... Are real estate agencies allowed to request this kind of information? Do they have the approval from the privacy commission? Do they know the penalty for not safeguarding this information?

Let's get another coffee and continue life. :-)

maandag 6 mei 2013

Spread the beans and governmental passwords.

It has been a long time that I have posted something, but it has it's reasons. Belgium is trying to act modern as it think to be as important as any other high valued country. They even try to convince the people that they make HUGH effort in fighting cybercrime. But still many sites get defaced and political party websites get DDOS'ed by bored kids.

At least my nagging to the Belgium defence about inappropriate web- and networkdesign started to irritate the military sysadmins who then with "many kindness" asked to stop investigating google results about their network. Mission accomplished. Awarness is step 1 of the digital healing process :-)

Comité I was another thing that I had on the list. SecOps, PsyOps at Belgium,...
But the sun started to shine and there is more in life than reading in my dark dungeon.

And then there are the beans. Maybe white beans in tomattosaus. Or jelly beans.
Or government beans. Those which contain database information. Like the one below:

<bean id="db2XaDatasource" class="com.ibm.db2.jcc.DB2XADataSource"> <property name="databaseName" value="dt00eva" /> <property name="portNumber" value="3792" /> <property name="driverType" value="4" /> <property name="serverName" value="" /> <property name="currentSchema" value="EVAADM" /> <property name="user" value="evajava" /> <property name="password" value="YHhpiWPp" /> </bean>

password has been wiped out. :-)

So this seems to be related to the website of "Fonds voor arbeidsongevallen" where Eva seems to be an important name. If you are looking for my source? Then have a google search on:"be.fgov.faofat.evalea2"

It seems to be a habit in Belgium to use the public internet as a hugh clipboard. And then hoping this gets wiped afterwards. Or sysadmins belief their website is of no importance just like their work. I assume they only work for the money and not for the "Digital Passion".

But have you ever left a bean in the wild? It grows and starts it own life.
And one day that bean will become the feeding ground of hackers.

Ooh well... I'm not a farmer nor will I ever plant beans. I leave it up to the specialists to terminate the weed.
Sleep tight.