NemesisV

Where is my shell - Ubuntu 11.10

2012-01-04T10:01:00.000+08:00

I know this is late, but I had been real busy in the past month over things which matters and does not matters. Eventually, I even missed to download and install Ubuntu 11.10 when it was out in Oct... But its better late than never since 12.04 is in alpha1 only and will only be available in April 2012.

The first thing I saw after a reboot as a culture shock.

The familiar top menu is gone and how do I start a shell? I tried right clicking and look for it on the top right, but its not there...

Well thats the good part about installing this late, but other people had done it and had wrote up documents on how-to do this and that. It seems that the terminal is not hidden inside the DASH icon.

http://complete-concrete-concise.com/ubuntu-2/ubuntu-11-10-how-to-get-a-command-line-shell-or-terminal

Anyway, this is the new desktop interface call Unity. At the first look, I like the new Ubuntu 11.10. Its about time Linux gets it right.

Racist Nandos made it onto my banned list

2011-12-25T20:43:00.002+08:00

I had heard of the $2.50 for plain water incident in Singapore, but I had not visited it myself to find out how bad it really was. However, since I was in KL this weekend, I thought I should pop by Nandos and find out.

Anyway, here is the incident details about the $2.50 plain water incident.
http://caveat-emptor-singapore.blogspot.com/2011/06/poor-service-at-nando.html

So, I was at KLCC, and next in the line with J and had indicated to the waitress that I want a table for 2. I saw a table clearing up and I knew it would be my turn soon. And then another family of 3 arrived and they just walked in. Then they were told they need to wait in line first. Disappointed, they walked out, but before you know it, the waiter then came out and told then they have a table for them, totally walked passed me and tell them to come in.

I mean, WTF? Am I invisible or something. Or I get it. Most of the waitress actually have the same skin color and wear the same type of head dress with the family of 3. And I certainly did not see any triangle table which is designed for table of 3. If they can fit in a table for 3, why can't they fit in for a table of 2 first?

I told myself this is rubbish. I am a spending customer and I will not stand or this type of Bullshit. I can fucking spend my money elsewhere were I like it and I do not have to stand for your poor service and fucking racist attitude. This is clearly a case of discrimination against us and I swear that if this is somewhere else, I would meet them in court and make they pay dearly for this!

Anyway, FUCK IT. Nandos is on my banned list now.

Anyway, I was lucky though. Because I missed Nandos, I have a damn great dinner at Uncle Duck.

eNet problem with Chrome browser - Solved

2011-12-08T20:52:00.001+08:00

Sometimes, we just do not have a choice. Some of the eGovernment services happens to use something known as eNets, which in my very humble opinion is still fucked up as ever. Out of the 2 times I have to use it in the pass 1 month, one of then returned a 404 page not found and the other one certain made me bang table.

Just put the 404 one aside since I do not care, as long as I attempted to pay, if the payment failed, I would point finger at Nets. The second case was actually much worse. But since I am here to bitch about it, I might as well start from the beginning.

It all started when I needed to renew some something which is not important in the story. And I ended up on the payment gateway. Its none other than eNets. I actually wonder why the Singapore government continue to use such a lousy payment system. Even some of the primitive China payment gateway works better than this. Anyway that aside it could be a left pocket right pocket things, it still doesn't solve my problem.

When I made the payment after filling up the big long form, a golden bar pops up on my Chrome browser. Well, it seems like it needs Java and Chrome had to be sure to ask me. +1 for Chrome. When I click run, it loads Java, but the form is still stuck, The fields are not enabled and I cannot type in anything at all. Now that sucks. I know I should go and complain, but I also know they will go tell me to use IE6. So just fuck it.

The most natural thing to do was to press F5 to refresh the page. And guess what, it failed once again and now I am unable to pay because there is an active sessions. Ok, thats a good precaution, but it suggest that I close the browser and try again. And so I did, losing all the entered data and I had to go through the forms once more. This time I tried to enable the Java run, but still it doesn't load. That's just fucked up.

Ok, if I am going to bitch about it, I might as well give everyone a solution here. On the payment form. there is actually a Cancel button. Go click that and you will be returned to the page which you came in from. You can submit the payment once more and since you already allowed the Java to run, it will load successfully this time, thus enabling you to complete you payment.

I know by the time you find this page, its probably already too late, but having a workaround sure beats having to go queue up and submit anything manually. I just hope that company like Nets wake up their idea and make their application compatible with other browsers! And IE6 is in no way the dominating browser anymore since a few years back!!!

Summary:
If Java does not load on eNets page, DO NOT REFRESH or PRESS F5!!! Instead, click cancel and you will be allowed to resubmit the payment request.

File association hell - File Types Change Grayed out

2011-11-28T12:54:00.001+08:00

Ever encounter a really screwed up system where the file association sucks? For example, opening a ZIP file, it goes ahead and launches Acrobat reader... Ya, I think you know what I mean. And worse of all, not everyone has the power to go change it in the registry and ever so it may not solve the problem at all.

According to various forum, one way to save it is to set:

"NoFileAssociate" value DWORD=0
at these two keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explore
r
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explor
er

But if you notice, when you run regedit in admin mode, the current_user is admin, and not whatever user you may be. Also, let's say you do not even have admin right, then what? Come to think of it, how the hell did you manage to mess it up so badly?

If you are not admin and you manage to mess it up, it can only mean that you have the power and thus the responsibility to set it right. I am going to show you one of the way which I found out that works.

Find one of those file you need to associate. Create a fake one if you have to. Right click on it, Property.
Now, do you see the change button there? I had tried even in non-admin mode that the button is not disabled. So go ahead and use that to change it to whatever you need.

Another way which did not work for me is to go to any explorer window. Tool->Folder Option. Click on the File Types tab and there you can see the buttons Change as well. But for my non-admin case, the button is disabled and getting it enable is more trouble than worth it.

In any case, I hope this helps you. Drop me a comment if you find it useful.

Enable tab auto complete in command prompt

2011-11-28T09:48:00.001+08:00

Often I come across PC which does not have the "tab" auto complete enabled and it can be very frustrating to work with. Actually I just realized that Microsoft even has a KB to guide you through getting this fixed.

Enable "tab" autocomplete in (DOS) command prompt:
http://support.microsoft.com/kb/310530

I figured its better for me to blog it here so that I can easily access this information when I need it.

Click Start, click Run, type regedit, and then click OK.
To enable automatic completion for the computer, locate and click theHKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor key.
To enable automatic completion for the current user, locate and click theHKEY_CURRENT_USER\Software\Microsoft\Command Processor key.
For folder name completion, double-click the CompletionChar value. Type in hexadecimal the control character that you want to use.

For example, if you want to use the TAB key as the control character, the control character is 0x9 (type 9 as the value; Windows converts it to hexadecimal). If you want to use the same control characters that you use for a single command session, type 0x4 for CTRL+D and 0x6 for CTRL+F. You can use the same control character for both folder and file name completion.
For file name completion, double-click the PathCompletionChar value. Type in hexadecimal the control character that you want to use.

For example, if you want to use the TAB key as the control character, the control character is 0x9 (type 9 as the value; Windows converts it to hexadecimal). If you want to use the same control characters that you use for a single command session, type 0x4 for CTRL+D and 0x6 for CTRL+F. You can use the same control character for both folder and file name completion.
Quit Registry Editor.

Flash Player 11 download fail at 12% AGAIN

2011-11-15T09:23:00.001+08:00

It seems that that download issue for Flash Player still haunts some of of us. I had talked about it for Flash Player 10:
http://nemesisv.blogspot.com/2011/08/12-timeout-downloading-adobe-flash.html

The most direct solution is to download the full version from Adobe's website:
http://www.adobe.com/special/products/flashplayer/fp_distribution3.html

Here are the direct links:
64 bits - IE
http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_64bit.exe
64 bits - Plugin
http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_64bit.exe

32 bits - IE
http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_32bit.exe
32 bits - Plugin
http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe

Again, I stress this is for Flash Player 11 ONLY. Once a newer version is out, I strangly suggest you find an updated link.

Symantec Endpoint Upgrade Error "A necessary file could not be loaded: SAVCProd"

2011-11-10T16:06:00.003+08:00

While upgraded my Symantec Endpoint from some old version to the latest 7000 series, all a sudden I get this weird errror :

A necessary file could not be loaded: SAVCProd

It turns out its due to the email component begin changed from one folder to another causing it to be executed from the wrong place. The details can be found on the official website:

http://www.symantec.com/connect/forums/necessary-file-could-not-be-loaded-savcprod

So, just take their recommendation and disable ccApp.exe to boot up and everything is fine.

Even Java now installs spyware

2011-11-01T19:54:00.001+08:00

Do you get a surprise when you install the latest version of Java Runtime for your browser?

Don't be. Its a documented "feature" on Sun's webpage.
http://java.com/en/download/faq/ask_toolbar.xml

Well, looks like even Java cannot be spared from bundling with spyware in order to obtain "statistic" from user. Well, they do say that there is no free lunch. Especially not from Sun.

Warhammer 40K Windows 7 Theme

2011-10-30T14:21:00.000+08:00

I went around looking for a Warhammer 40k theme and found one, but the site is installing all sort of spyware when downloading the theme. So, I manage to just rip out the theme in a VMWare and I uploaded it myself for you to take it as it is. Just all the desktop wallpaper, in 30 mins interval.

Download:
http://www.fileserve.com/file/pVhAZxa/W40K-SM.themepack

Here are some preview:

Region Free for Philips Immersive Sound Home theater HTS3560 Blu-ray

2011-10-30T12:04:00.002+08:00

At Home screen, type on your remote: 13893108520

This will display all of the current settings for your player.
Region_Code: DVD(X) BD(A)

This will not change any settings, but will report your current settings. So it's a reporting function only.

If your X is 0, its already region free.

To change your DVD region settings try the following:

Turn on player with no disk inserted
Press "Home" on the remote control
Press and hold "stop" on the remote control, until you see the eject on the display
Press 259 on the remote control
After enter the code 13893108520 again on the HOME Screen and the player will show Region_Code: DVD(0) BD(A)

Now the buttons on the front of the player do not work anymore....

You will need to go to SETUP and click on RESET FACTORY SETTINGS....
Wait until the player restarts and now you can play all DVD regions

Hacking the company's laptop PART 2

2011-10-30T09:27:00.004+08:00

In the previous articles, I mentioned how easy it was for me to obtain my administrator’s right simply by social engineering the IT support department. However, that doesn’t not solve ALL the problems we have. It is good to have a laptop with an additional local admin account, but it is not enough to simply have that. There are still other helpless laptops out there. Ultimately, what I wanted was the admin account so that I can help them out too.

While I have my admin rights, it’s easy and simple to just change the password of the admin account to whatever I like, but that’s not my aim. I also realized that in order to push my hacking tools onto the laptop to extract the password hash, I will probably have to disable or uninstall the antivirus system because it is basically blocking and deleting my software whenever I copy it in.

Touching the antivirus is probably not where I want to go. Basically, messing with the antivirus may trigger some audit alarms which will not look nice on me. Secondly, I may not be able to properly uninstall or install the antivirus back because it may have a secondary password or some required files for the group policy. Enterprise level antivirus usually has all these additional stuffs. Destroying the antivirus will be a last resort for me.

Just to recall in the first article, the hard disk has a disk based encryption and that is why I am unable to use a boot disk or boot CD to extract the password hash. In short, I am pretty screw if I continue in this path to try to extract the password hash. In a separate thread, I did manage to break one of these systems using a floppy boot up, but that’s another story. I had another thought. That is to install the system console and boot that up. But the chances that I will be able to run or do anything else in that restricted shell is quite close to none. So, what will be better than the password hash? Answer : The password itself.

So, how can one get the password? Let’s backtrack this a bit. How does the IT department upgrade and change all our passwords? Typically if you work smart, you will either push it down a GPO or use some sort of batch processing, maybe even SMS or WUSS. Now, being such a huge enterprise, I would guess they would use at least one of these. I strike GPO off because the admin account is a local account. So, what I will do is to find out how they changed the password (in batch).

I do not know why, but my IT department like to leave a link to their software repository around on their desktop. I guess that’s probably the root of corporate piracy if any happens here. In any case, this is the place I would start. Looking through the folders, I basically had gone through these times to times for other reasons, so pretty much know which are the new stuffs, or simply just sort them by date. Then from the new folders, I found another link to another server which contains the new software sets for this upgrade. Now, this will contains the binaries for the antivirus. I almost thought that I would reconsider breaking the antivirus and reinstalling it back using these binaries. Until I saw a very obvious file in the root directory. It sound like jackpot. In fact, there is even a file call “ChangePasswordforXXX.exe” lying around there for the picking. Bingo.

So, this is a exe file. I would like to break it apart using IDA Pro or other debugger, but just throwing at a long shot, I thought I would start with a text editor instead. Based on my experience, most people do not encrypt or even obfuscate their binary. I had been able to break many applications and website basically because the binaries is not protected. Again, this enables me to accomplish what I did. By looking through the binary file, I notice this is a simple WISE installation binary. Yes, actually I already knew that when I saw the icon. They did not even bothered to change it. WISE has tendency to leave some of the configuration in clear text even when it is compiled into a binary. That is the reason why I saw the things I saw without even the use of a debugger. Somewhere in the file, I saw the password I was looking for. In fact, I did not even really take a look at the file, I simple do a search for “password” and I am brought to that offset in the file.

The password was long, complex and consists of alphanumeric with upper and lower case and symbols. But it is just another password hacked by me today.

As an added bonus, I even got hold of an additional password in the file just right below it. It is the encryption password for the harddisk. I haven’t figured out how I could use it, but I guess it will probably be useful, someday.

Hacking the company's laptop PART 1

2011-10-30T09:25:00.005+08:00

This articles talks about hacking and other activities which may seems to be illegal and will certainly get you into trouble if you are caught doing it. I would advise you read it as a form of entertainment and treat it as entirely fiction without any truth in it. Ok, let’s set this imaginary environment.

WE all had laptops for a long, long time that I did not even remember the days where laptop did not exist. Due to special considerations, my department had always had the privilege of admin rights on our laptop due to the work we do. We are required to install software, run privilege tasks etc on a daily basis. We never imagine the day that this would end. We never had the problem of facing this. Until now.

Due to new firm requirement, we are required to upgrade to a new version of the laptop OS with some enhancements as well as a new set of software for our work. This time, the top management came down on us hard and decided that we should not have administrative rights to the corporate laptop because we are supposed to perform our privileged task on another laptop. Ok, let’s leave that out of our story. The fact that we may be caught out in the field for weeks, it does not seems logical that we do not have access to our email and other corporate information systems. Therefore, we NEED to have administrative rights to the laptop. SOMEHOW.

Let’s pause for a minute if you feel that we need to discuss the moral and legal issue here. Like I said, its an imaginary environment. By all rights of standard, we should never have to ask for any thing and everything is given. However, this does not actually happen in the real world or for that matters, this imaginary world of our. So, someone needs to be the hero. Someone need to break some rules. Someone will have to do it. Yes, I know, that would be me.

Ok, lets come back to the story. So, many of us find that we cannot even insert a thumbdrive (oops, sorry, flashdrive) without triggering an administrative prompt. Life has been hell since the upgrade and it seems like the end of days is just about to begin. Unknown to most, a few of us are already beginning to work on this “problem”. The intention is just to be able to have enough rights to perform some of our installations etc without having to tear the laptop apart. Of course, in the process, we would not want to trigger any alert or alarms as well. Hackers get caught. Good hackers DON’T get caught.

So, we narrowed down our options. One of the endgame objectives would no doubt be the administrative rights. A more direct answer would be the administrator password. And inside our laptop, there is the local administrator account, which is used by the IT support department to roll out updates and perform installation on our laptop. This seems like the very object we want.

Usually before I go about the hard way, I try the easy way. In fact, the easy way usually works. I tried a few passwords. No luck. In fact, I was very caution to ensure that password lockout was not enable on this account. For very obvious reasons, if this account is lockout, it will be difficult to recover the system. I always wonder if this is the reason why everyone wants to attack the admin account, beside than knowing it has the rights of god on the machine. So, it does not use a simple password.

Another very direct way to recover a system is to wipe the password. This is more effective than you can imagine. I had broken tons of laptop whose owner does not want me to enter their system by simply rebooting into my boot CD and wiping off the administrator password. However, we have a problem here. This system is protected by a disk based encryption. When we boot up from a foreign OS, the encrypted partition simple will not mount. In fact, this was one problem I was dying to crack. Anyway, wiping the password is not the way to go.

Another approach is to extract the password hash. We all heard of rainbow tables and LCP. I guess this would be easy. I had extracted lots of passwords hashes in the past using PWDump or FGDump. One obstacle lies ahead. Antivirus. The antivirus is switch on to the maximum mode which simply detect and delete anything and everything it feels is dangerous. This includes some of our tools which we use for work as well. Nasty. The question is : Do I want to break the antivirus as well? Antivirus firm has spend millions on R&D to ensure their solution works and works well in a corporate environment. I am sure they had figured out that someone will want to disabled or uninstall their product in the corporate. Secondly, I also do not want to trigger some alarm if I had my antivirus off.

2011-10-26T20:02:00.001+08:00

I am trying out a new look and feel for my blog. Its been a long while since my previous theme and I thought I should give it a change. Let me know what you think!

Breaking Deep Freeze 6

2011-10-26T19:47:00.001+08:00

I had came across Faronics Deep Freeze and despite what they claim on their website, it is not as secure as it seems which I will show later in this post.

First, some links to the official product:
http://www.faronics.com/enterprise/deep-freeze

And before I do on, read about the Unfreezer which written by Blackhat Emiliano Torres.
http://usuarios.arnet.com.ar/fliamarconato/pages/edeepunfreezer.html
He had managed to break Deep Freeze again and again, at least until v5.7. Then there was nothing. Did version 6 onward finally defeated all the hacks? Well, I am going to the answer is NO. In fact, it just got simpler!

Before I go about talking about hacking Deep Freeze, let me show talk about the critical flaw in the design which can cause some totally disastrous situations which is irrecoverable.

Lets imagine for a moment that you suspect there are malware in the system and the malware is going to clean it up at the next reboot. But hell, you have no idea there was a schedule scan at reboot and you freeze your system drive. What is going to happen? It will boot up and scan the HDD and then maybe it will find the malware and remove it, but it doesn't matter because its frozen. And at the end of the scan, the anti malware would reboot to make sure you boot up clean and good. And then it will reboot, and because the flag for "I have already scanned" is actually not save, it would scan again. Infinite loop. So totally screwed aren't we.

Similarly, if you have a really good defrag program like PerfectDisk or similar product which allows your to perform a boot time defrag for your system files, you can imagine it will be the similar case above. Defrag and it will try to set flag and reboot, but it will not change the flag and it will loop forever.

And now this is the part which I talk about the flaw. YOU CANNOT UNFREEZE UNLESS YOU CAN BOOT INTO WINDOWS!!!! So, there is no way out even if you have the password, the admin access and the physical. OK, let me take it back, you can if you read on. But otherwise, its great format time and a good round of curse and swearing at Deep Freeze.

Now, you will notice I had talked about the flag in the above case. That is the same principle we are going to use to break Deep Freeze. Let's take a look at some of those boot up files which are in Windows system and main directory:

DepFrzLo.sys (kernel driver)
DepFrzHi.sys (filesystem driver)
dfserv.exe (service)
frzstate.exe (password dialog)
persis00.sys (password file and “on/off switch”)

If you are sharp, you would already know how I would do it. During one of the penetration test, I was asked if I have and do-not-have physical access, how would I do it. So, lets tackle the have physical access first because its definitely easier.

You can go ahead and delete the filesystem driver, which does not work. The trick actually lies in the persis00.sys or persis0.sys depending on which version. What you will need is the trial version at least and install it on another system with a known password since you install it. Then boot it up and unfreeze the drive and shut down. Copy out the file. I will advise using a WinPE based boot up vie a LiveCD or Mini-XP to read the file out.

What you need to do next is to plant and replace the locked file in the target drive. Using the same method, boot up your LiveCD and mount the drive. Then just replace the file. YES, its that simple. Nothing prevents you from doing anything at all from the LiveCD. Make you feel pretty stupid paying so much for this piece of software don't it?

Anyway, after the file had been replaced, boot it up and its unfreeze. Uninstall it, reinstall it, do whatever you want. And remember to get the flag for your anti malware or defrag software set before getting stuck again in another infinite loop. But what the hell, as long as you keep your unfrozen persis00.sys handy, break it is only limited to how fast your LiveCD can boot up.

So, what if I have no physical access? OK, this part is concept only, since I did not completely test it. Deep Freeze does not protect the boot MBR if you bypass the mass IRP hooking using another driver. OK, you will look at me and give me the WTF look. Yes, Deep Freeze uses rootkit technology obviously. Their IRP hook however could be bypassed. One such tool is MBRKit. With that in, all you need to do it to redirect the boot up somewhere else. For example, another mini-Linux with Samba image. Then put in the boot up script into the boot image to replace the file persis00.sys and of course do remember to set the boot back to normal once it had successfully done so. So does that sound far fetch. Of course NOT. But it has man risk which may cause the system to hang up etc, so extensive testing is required to create such an attack. Of course, I think I just gave the concept design for a Deep Freeze attack rootkit.

So, Deep Freeze is totally crap. No, obviously not. It just had its flaw. Is there a way to prevent this attack. Yes. Consider full disk encryption. And NO. Even with a full disk encryption, there is an unencrypted partition and that could be attacked. Unless its pure hardware based implementation.

I hope this very long article is help to give you some insight on Deep Freeze. While this exposed on way to overcome it, it can prove to be helpful in life and death situation such as the one above. I hope Deep Freeze give this more thought rather than the "We will think about it" when they got hacked by Emiliano Torres.

Download the workable Anti Deep Freeze Rootkit here:
HAHA, sorry no download! :P

The mysterious LGA1944

2011-10-26T19:04:00.001+08:00

While surfing on Asus support website (http://support.asus.com), I notice there are 2 new categories of motherboard listed. They are the LGA2011 and the LGA1944. I know whats LGA2011. That's the supposed motherboard which will house the X79 chipset coming in at Nov 2011. But what is socket LGA1944? Could the industry been keeping so quiet about a secret socket that nobody had heard about so far?

I did some research and found out that the LGA1944 could be the socket to support the G34 chipset from AMD. So here we have it. There is no secret socket and neither is it for Ivory Bridge...

COMEX 2011 Brochures Mirrors

2011-09-04T11:10:00.000+08:00

I had uploaded the brochures for reference.

Hardwarezone's :
http://www.fileserve.com/file/y6ecmzw/Comex_2011.7z

Bootsrikes's:
http://www.fileserve.com/file/XkA7H59/comex2011.zip

Today is the last day for the fair!

PC Tools Threatfire vs Windows Home Server 2011

2011-08-28T10:40:00.000+08:00

I had merely touched on a Anti malware called Threafire (http://www.threatfire.com/) in my previous post, which claim to be very effective and could be combined with other AV products to increase effectiveness. I had tried the product for a while in the past. It is not very heavy in memory, but I think eventually, it is something like a IDS with cloud analysis. This is a really good and cheap addon if you only have the AV component.

For my WHS 2011, I had been tweaking to get the best AV/Firewall combination working. In the end, my last configuration was:

Comodo Internet Security 2011 Pro (Firewall Off)
Threatfire

It turns out that I am unable to open the Dashboard from a remote workstation. I pinpointed the problem to Threatfire somehow blocking it and there is no configuration to unblock it. So, in the end (for now), Threatfire is kicked out of the WHS and everything is working fine now again.

So, after a extended period of hunting, the best combination I could get working is Comodo Internet Security 2011 Pro without the Firewall enabled. Let me know how you addresses your WHS 2011 AV/FW needs!

Private Firewall and Comodo Anti Malware

2011-08-14T13:29:00.000+08:00

I had previous mentioned that I had given up Bullguard (www.bullguard.com) in favor for 2 products on one of my system and so far it seems to be working good. Let me talk a little more about these 2 products.

First, its a FREE personal firewall call PrivateFirewall. Something special about this firewall is that it does a little bit more than the normal host based firewall. It does process detection, anti screen, key logging as well as system anamly. These are actually very good measures against trojans. Because it does not actually have a detection modules, Trojan may somehow be able to install, but when it tries to does anything funny, PrivateFirewall is likely to be able to catch it and terminate it because it connects back. Its not fool proof, but at least it does that part the firewall should.

Download PrivateFirewall from:
http://www.privacyware.com/personal_firewall.html

Therefore I still strongly recommend that a malware detection engine be installed. In this case, I choose AD-Aware FREE. IT does not have the Firewall, which is only in the PRO version. Ad-Aware had ben gaining some attention recently and I reckon that I should give it a chance. However, I am not sure if its because it doesn't play nice with other security products, I am unable to activate the other components besides than registry which then is pretty useless for me.

If you are not using Private Firewall, Ad-Aware may work for you:
http://www.lavasoft.com/products/ad_aware_free.php

So, my quest continues for the Anti Malware that works with PrivateFirewall and I eventually end up with Avast (for now). Avast FREE had always been one of the more popular choices because of its high accuracy and effective protection. However, it was a bit heavy on the GUI resources and I kinda avoided it until now.

So, here is the link to get Avast FREE. You will have to activate it with your email though.
http://www.avast.com/free-antivirus-download

Lets see how this deployment goes and I will post some updates again soon.

Who reads my blog

2011-08-14T11:48:00.001+08:00

You can actually read the detail stats here
http://www4.clustrmaps.com/counter/maps.php?url=http://nemesisv.blogspot.com

In general, lets look at the distribution map:

From the map, it does look like I need to get more attention from people in Australia and Africa because my readers doesn't really reach there. How? I don't have an answer at the moment. However, there are some interesting points from the pacific oceans that actually reads my blog! Yes, thats something encouraging. One of the thing about writing a blog is always about being a egomanianc and assuming the whole world is intersting in what I am writing. I just don't think I go to that extend yet :P But I sincerely hope that the articles I wrote does help people make choices, avoid some choices (mostly) and avoid wasting time, money and other resources in the end.

Well, hope I could keep this up and gain more readers!

Good Job Microsoft Hardware!

2011-08-14T11:34:00.000+08:00

If you have read enough of my blog, you will notice MOST of the time, I go about suxing about some poor services, something that doesn't work etc... Today, I am going to do something different! Yes, and Microsoft happens to be our focus today. Let me tell the story first.

My trusty Microsoft mouse finally broke down near the end of its warranty period and I figure I probably should send it back for a replacement. The mouse was show signs of skipping and I could even shoot properly in F3ar. So I begin to kick start the process by emailing Microsoft hardware. anyway, as usual the links was really hard to find and I think I just email the general support in the end. After which, I swap my mouse to something usable.

Within a day, I received a reply asking me to confirm some drivers, settings etc plus to give them the proof of ownership of the mouse, which I went through and promptly replied. Then I was too busy for a few days and spending some time outside office. So, I totally forgotten about it.

One afternoon not long after I actually got a call from a foreign number (I guess support is not hosted locally then) and a representative from Microsoft actually spoke to me on the phone, giving me an update that the Mouse is now schedule for replacement and I need to confirm that I will accept the replacement model (apparently my model was no longer in production). I was so surprise! When have the support bother to actually try and close the case by contacting the customer? In mose case, if you never call and bug them after a certain time period, they will just throw the case in some store room. But NOT Microsoft. They proactively contacted me (even a phone call, after I had failed to read my emails). After the verbal confirmation, I sent out my official OK on the email and the replacement Mouse came the next evening. n fact, I still got another call in a few days after that. The Microsoft representative wanted to check with me if I had gotten the replacement Mouse and whether it is working alright for me. Definitely a 5 ***** service I say. With that, I am also require to reply and close the case.

I know some of you will probably guess that their support KPI is probably based on cases closed, but their promptness and proactiveness in making sure the case get closed sucessfully is impresssive. I think this is one of the reason why even today. I still own the top of the line Microsoft Gaming products instead of switching to Razor or Logitech. OK, they are cheaper btw, but in no way inferior in my impression.

Well, maybe you can share your experience in dealing with Microsoft hardware support in my comments!

12% Timeout Downloading Adobe Flash Player 10.3

2011-08-14T11:17:00.000+08:00

If you are having problem when downloading Flash Player 10.3 and it stops at 12% and timeout in about 10 seconds, then you are not alone. I do not know the exact reason, but it could be related to the redirected download link to *.macromedia.com when you actually trace the logs. In any case, the temporary solution is to download the full installer and run it directly instead of going through their downloader.

Grab the full installation at:
http://www.adobe.com/products/flashplayer/fp_distribution3.html

However, if your downloader is still having issue downloading from the above link, it could be that somehow *.macromedia.com actually does not work for you at all. In this case, I had created the backup links below.

For Internet Explorer
http://www.fileserve.com/file/PcAg8sC/install_flash_player_10_active_x.exe
For plugins browsers (anything else besides IE):
http://www.fileserve.com/file/TM6yYd8/install_flash_player_10.exe

However, I strongly suggest you do not use the above link unless the latest is still v10.3.183.5 because you could end up not using the latest version and you know how bad Adobe Flash Player is when it comes to security.

Hope this helps you. If it does, do leave me a comment so that I know.

Almost giving up on BullGuard 10 because of Windows Home Server 2011

2011-08-09T16:20:00.000+08:00

Its sad to say that this eventually happened. Its not that I did not anticipated it, but rather sad that after months of debugging and help from both Microsoft and Bullguard, I did not find a easy solution to resolve this.

Here is some background of what had happened. Recently, after the launch, I had decided to upgrade to Windows Home Server 2011 (Despite some features are gone such as Drive Extender). I had been using Bullguard Internet Suite all along prior to this when I was with WHS v1. However, I notice that once I had upgraded and reinstalled the WHS Clients on my desktops and laptops, only 1 of them actually works. The rest of them simply indicate that it cannot connect to the WHS 2001 Server and the server say the same thing about the client. As such, backup and some other functions such as monitoring etc are effectively crippled.

I had been bearing with this, while meantime, I kick started the support with Microsoft, which was my fault that I did not follow through because they had required for all my server's log. Due to privacy issue, I decided that I did not like that idea. At the same time, I contacted Bullguard which went in a spiral and eventually into the blackhole when they said they will get their engineer to take a look at it. Perhaps not many of their customer actually uses WHS 2011. OR plain fact is that people just accept it that these 2 don't mix and choose not to have them together.

Finally, after month of waiting, I decided that I will give up and dump Bullguard. I could try out some of the free solution out there, or buy one that actually works, but I probably won't pay easily now knowing that even commercial Anti Malware may actually not work, despite all they claim for the WHS Client.

So far, what have I tried? I found a free Personal Firewall known as PrivateFirewall (http://www.privacyware.com/personal_firewall.html) and it did actually work very well. Upon reboot, the WHS Client immediately got connected and monitoring, backup status are available. However, although the firewall make claims of blocking malware, it actually doesn't detects them as it does not come with a anti malware module. It only blocks any malware from connecting outside when it tries to.

So, I added a anti malware component to it. I choose Lavesoft's Ad-aware Free Internet Security 9.0 (http://www.lavasoft.com/products/ad_aware_free.php). Don't be confused that it say Internet Security that it will include a Firewall. It doesn't. At least the Free version does not. This however, fits nicely into my solution as it provides the missing anti malware component to PrivateFirewall. I installed this and tried out some checking and backup. No problem with WHS 2011 client software.

At randomly choosing 2 (pretty good) security software and it does not interfere with WHS, I suppose I can conclude that its not WHS at fault. I guess it is also unfortunate that Bullguard could not work as I pretty like it so far as it provided quite a complete suite of functions including vulnerability assessment (via software version). However, I guess they did not manage to test it with a wide enough range of applications and it eventually lead to this. Guess it only a matter of time I will give up, even though I still have a good half year subscriptions left.

MKV plays with sound, but without video on media players

2011-07-28T13:16:00.000+08:00

Have this problem, and yet its not all MKV behind as such? If so, you are in luck, because I have the solution for you here.

First, lets explain whats the problem. In order to save header space (who is not much point consider the MKV is like 8GB and you save 1MB on header...), MKV had implemented a new header compression function for the audio tracks which is default in some version of MKVmerge v4.1.0 (that's another good reason to hate Apple users). Because of this new implemented feature, it is practically forced down, without working out with the manufacturers of the media players.

More info:
http://www.matroska.org/news/compressed-headers.html

As such, we need a tool to undo this, or simply give up and play with PC. The original MKVtoolnix will work (it even has windows version):
http://www.bunkus.org/videotools/mkvtoolnix/downloads.html

There is a batch file created to help make this simple with mkvtoolnix as well, which I had uploaded here:
http://www.fileserve.com/file/uUNGEY6
Just download it and put into same directory of mkv and run it.

But, I prefer to keep it simple and not install or configure too much to fix this. There is a specific tool for cleaning up the mess so that the file can be played by the media players.
http://www.matroska.org/downloads/mkclean.html

Hope this help you. If so, do leave me a comment so that I know it actually works for you guys!

Smart TV or Smart Zombie

2011-07-25T10:50:00.000+08:00

I am sure we all had heard of the term Smart TV. Its the "in" thing now. A TV capable of delivering very rich content from youtube to porntube video all the way to streaming your downloaded avi or mkv from your PC. Sound good, doesn't it? It does. In addition, you can even make video call with it via a TV Camera through Skype or other services. Its almost a PC. In fact, its almost "infectable" as a PC.

Yes, you know what I am driving at. Specific trojans or worms that is targeted at Smart TV. Why? Because the OS is simple and not easily upgradable. Would you upgrade your Smart TV firmware? I think maybe once in a blue moon. But you would download new apps or install some "patched" apps which makes paying for them looks stupid. These are good channels for an attacker to hit the users. And even if a jailbreak is necessary, I won't think it would take too long.

And whats the benefit of hitting a Smart TV? Its not on all the time. BUT is the server on? Probably not. Then again, some people have the TV on ALL THE TIME. If the attacker installed a trojans, its very hard to remove because I do not forsee user would pay for an Antivirus for your Smart TV, if in the first place there is one. This makes the Smart TV a perfect candidate for a "Smart" zombie.

Moreover, there are added bonus of the TV Camera. Imagine if you could stream these out, its almost like installing a spy camera in the house. I am not interested at what the camera may capture, but I am sure many other noisy people will be. I do not suppose there is a firewall to block the Smart TV from sending streams to "spycam.badsite.com". Well, you heard me. There will probably not be a market for security software if users needs to pay a lot of it.

Well, at the point of time of this writing, there is still no KNOWN trojans for Smart TV. But who knows, there may already be some in work or even deployed. Thinking of getting a Smart TV. Be Smart! Get a dumb TV!

P.S. I am not against Smart TV, but I just want to express my views on potential danger and security risks involved in rolling out such technology without a good mechanism for defense. This is the reason why the bad guys always wins.

Playstation 3 CFW 3.55 KMEAW

2011-07-16T18:41:00.000+08:00

Ever since Playstation decided to root out Linux, it got everyone pissed, which eventually lead to PS3 being jail broken. And today, I am going to tell you how to do it safely at home. I had tested many firmware and only recommend the most stable one here. Others varies.

Firstly, before you go ahead, check your system firmware. It has to be 3.55 or below. Currently, there is no publicly known way to downgrade from 3.56 onwards. Well, if you do have 3.41, you may want to consider sticking to it, but many games are coming out that soon require at least 3.5... So its only sooner or later you will be forced to do so.

I had chosen KMEAW's 3.55 CFW here. There is also a recently released call Varaques which enable you to reinstall your Linux back into the box. However, since it has 3.66 spoof installed, which in my opinion is not stable, I will not recommend it here. Of course, if PSN is a must for you, consider PS3ita's 3.55. They have a working spoof that enable the backdoor into PSN.

Right. So as before, I had packaged all the files into nice bundles for you. Just grab all the below files and I will explain as you are downloading...

3.55 OFW
http://www.fileserve.com/file/yAKcBbg
3.55 KMEAW CFW
http://www.fileserve.com/file/vgaMpu3
PS3 Utiltities
http://www.fileserve.com/file/M3cfATE
Steps:

3.55 OFW is the original firmware. The most stable way to upgrade is to go into the original firmware first.Just pack it into you thumbdrive root. The directories are prepared for you.
OK, after flashign in 3.55 OFW, you will need to boot your PS3 into debug mode. To do so, shutdown your PS3 first. Hold on to your power button. And I mean it hold on. You should hear "beep" then another "beep" and it shut down.
Continue to hold on, do not let go. PS3 will boot up and then it will "beep" then "beep beep". At "beep beep", release the button. Don't worry, if you missed it, it will just "beep" one more time and shutdown. You need to repeat step 3.
You will be prompt to connect your controller and press the Playstation button on the controller.
You should see a very different menu which has about 8 options, the last one is to flash the update. Make sure you have your 3.55 KMEAW CFW onto another thumbdrive (or same, but it should overwrite your OFW. I just think its not so complicated to use 2 thumbdrives). Plug the thumdrive in and choose the option to update firmware. This will take another round which is similar to the OFW update.
After reboot, you should be in 3.55 CFW. Now its time to roll in some ultilities.

PS3 Utilities Pack

First of all, I had chosen the basic stuff that you will need. There are many many others out there, you may want to explore and find then yourself. Unpack the files into the root of your thumbdrive and insert it into your PS3. Go to Games, install package and select them accordingly.

multiMAN ver 02.02.00 (20110709-200500).pkg - MultiMan v2.02 for managing/launching your games
BDEMU-355.pkg - BD-ROM Emulator
LAST_GAME_355 - Mounts the last game you launched from multiMAN and returns you to XMB. Start the game from disc icon or /app_home
BDROM-RESET - Removes path redirections, removes bd-mirror (restores usb to normal mode) and moves the last game played in bd-mirror mode back to its location.
openps3ftp.pkg - Open PS3 FTP for transfering your files into your PS3 directly. This is very useful for large files which will not fit onto your portable FAT32 HDD.
ComgenieAwesomeFilemanager355.pkg - A good file manager for the PS3

Emulator

I thought, why not? I include a emulator call FBAnext r486 here.

fba-mm-ps3.pkg - Supports Capcom CPS-1 / Capcom CPS-2 / Capcom CPS-3 Cave / Neo Geo / Sega System 16 / Toaplan / Taito / Psikyo 68EC020 Plus Other Misc Great Arcade Systems

Grab it here:
http://www.fileserve.com/file/WnM3eqe