Foo-Bar Lab

Linux websites taken down

noreply@blogger.com (Mina Ramses) — Wed, 14 Sep 2011 01:58:44 PDT

Linux websites, including LinuxFoundation.org and Linux.com, have been pulled offline after a security breach.

It is believed to be related to the hack of the Kernel.org website that is home to the Linux Project, two weeks ago.

How Egypt Cut Off the Internet

noreply@blogger.com (Mina Ramses) — Fri, 04 Feb 2011 14:05:18 PST

The Basics of an Internet Connection

On the simplest of levels, your computer connects to the internet through an internet service provider (ISP) TeData, LinkDotNet.. etc. Your service provider then either connects directly to all the other internet service providers around the world or to a larger internet service provider that then connects to all the others.

When you open up your web browser and type a domain name into the address bar, say google.com, for instance your service provider sends a lightning-quick request to whichever service provider Time.com uses to make its web pages publicly available on the internet.

The computer that holds all of google.com's web pages sends a response back through its internet service provider basically saying, "Here's the web page you requested."

The Border Gateway Protocol

In order for ISPs to establish broader connections between the computers on their networks and the rest of the computers on the internet, traffic is routed through the Border Gateway Protocol (BGP). Egypt's ISPs have a certain amount of machine-readable internet protocol (IP) addresses that are used to identify connected computers across the internet, and the BGP makes the active IP addresses visible to the rest of the world to facilitate connections.

The Border Gateway Protocol (BGP) routing table routes have been taken offline in Egypt

What BGP does is 'advertise' the local address prefixes to neighboring networks. Wholesale ISPs propagate their customer's advertisements to their neighbors so that eventually all ISPs know all other ISPs' prefixes. This enables routers to know where to send packets with a given destination address. The 3,500 Egyptian prefixes are now no longer advertised, so they're missing from the routing tables of BGP routers around the world. This means that routers no longer know where to send packets addressed to IP addresses that fall within these prefixes—even if all the cables are still working fine.

Below Tedata hops and BGP port

host-163.121.215.193.tedata.net
host-163.121.209.34.tedata.net

179/tcp open bgp

28-1-2011 - After the BGP withdrawals sequence the situation, now, appear in this mode:

There are 3 projects underway to effectively create a government-less Internet.

noreply@blogger.com (Mina Ramses) — Fri, 04 Feb 2011 01:44:24 PST

The necessity of this is illuminated by recent events in Egypt, which include the government “shutting down the Internet.”

One possible option, discussed by geeks for years, is the creation of wireless ad-hoc networks, to eliminate the need for centralized hardware and network connectivity.

we're seeking projects that are specifically aimed at replacing or augmenting the public Internet.

Below few projects working to create such networks.

Openet

Openet is a part of the open_sailing project. Openet’s goal is to create a civilian Internet outside of the control of governments and corporations. It aims to not only create local mesh networks, but to build a global mesh network of mesh networks stitched together by long range packet radio.

Netsukuku

Netsukuku is a project of the Italian group FreakNet MediaLab. Netsukuku is designed to be a distributed, anonymous mesh network that relies only on normal wireless network cards. FreakNet is even building its own domain name architecture.

OPENMESH

Not to be confused with the mesh networking hardware vendor of the same name, OPENMESH is a forum created by venture captalist Shervin Pishevar for volunteers interested in building mesh networks for people living in conditions where Internet access may be limited or controlled.

Internet Access - dialup links

noreply@blogger.com (Mina Ramses) — Wed, 02 Feb 2011 13:27:29 PST

* dialup modem service

Number: +46850009990 user/pass: telecomix/telecomix

Numbers and logins for dialup modem connections here.
(Only verified numbers, and clean out errorous ones!)

Number User Password
+46850009990 telecomix telecomix
+46850009990 tcx tcx
+331728890150 toto toto
+46187000800 flashback flashback
+34912910230 any user/pass
+3908251872424 no auth needed
+3909241962424 no auth needed
+16033715050 any user/pass
+4721405060 any user/pass
+431962962 selfnet selfnet
+492317299993 telecomix telecomix

## about 12 (25 total, but we only have 12 analog dsps so rest is isdn-only) by www.free.de
+49 231 97844321 telecomix telecomix
##
+4953160941030 telecomix telecomix

Number:
+31 20 5350535

username password
-------- --------
gypt0001 olinver
gypt0002 hezrass
gypt0003 fraesse
gypt0004 truille
gypt0005 gonamer
gypt0006 lentuff
gypt0007 pabeete
gypt0008 slyhans
gypt0009 koxedin
gypt0010 illemon
gypt0011 dierers
gypt0012 oringly
gypt0013 ditipri
gypt0014 axilmas
gypt0015 firleut
gypt0016 aughdan
gypt0017 divesbo
gypt0018 nockuer
gypt0019 glaiged
gypt0020 ushobly
gypt0021 vullarm
gypt0022 rokeron
gypt0023 nitrist
gypt0024 traubil
gypt0025 aactfus
gypt0026 whigonn
gypt0027 hemlope
gypt0028 pedhoms
gypt0029 hayongs
gypt0030 boverse
gypt0031 nonifol
gypt0032 quirent
gypt0033 lagster
gypt0034 cogymed
gypt0035 tacknor
gypt0036 calking
gypt0037 navsked
gypt0038 pakdeop
gypt0039 hikosca
gypt0040 pivenst
gypt0041 icervat
gypt0042 instron

Egypt Developers - fucking Idiots

noreply@blogger.com (Mina Ramses) — Thu, 20 Jan 2011 13:19:31 PST

Egypt Developers :) :) ....:D

What's being done on your box

noreply@blogger.com (Mina Ramses) — Sat, 11 Dec 2010 06:58:45 PST

Process accounting allows you to view every command executed by a user including CPU and memory time. With process accounting sys admin always find out which command executed at what time :)

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

The ac command displays statistics about how long users have been logged on.

The lastcomm command displays information about previous executed commands.

The accton command turns process accounting on or off.

The sa command summarizes information about previously executed commmands.

Use apt-get command if you are using Ubuntu / Debian Linux:


# apt-get install acct

By default service is started on Ubuntu / Debian Linux by creating /var/account/pacct file.

The ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:


$ ac

Output:


total       95.08

Display totals for each day rather than just one big total at the end:


$ ac -d

Output:


Dec  1  total        8.65
Dec  2  total        5.70
Dec  3  total       13.43
Dec  4  total        6.24
.....
..
...
Dec 09  total        3.42
Dec 10  total        4.55
Today   total        0.52

Display time totals for each user in addition to the usual everything-lumped-into-one value:


$ ac -p

Output:


        mina                             87.49
        root                              7.63
        total                            95.11

Use lastcomm command which print out information about previously executed commands. You can search command using usernames, tty names, or by command names itself.


$ lastcomm vivek

Output:


userhelper        S   X mina  pts/0      0.00 secs Fri Dex 10 23:58
userhelper        S     mina  pts/0      0.00 secs Fri Dec 10 23:45
gcc                     mina  pts/0      0.00 secs Fri Dec 10 23:45
which                   mina  pts/0      0.00 secs Fri Dec 10 23:44
bash               F    mina  pts/0      0.00 secs Fri Dec 10 23:44
ls                      mina  pts/0      0.00 secs Fri Dec 10 23:43
rm                      mina  pts/0      0.00 secs Fri Dec 10 23:43
vi                      mina  pts/0      0.00 secs Fri Dec 10 23:43
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
cat                     mina  pts/0      0.00 secs Fri Dec 10 23:42
netstat                 mina  pts/0      0.07 secs Fri Dec 10 23:42
su                S     mina  pts/0      0.00 secs Fri Dec 10 23:38

For each entry the following information is printed. Take example of first output line where:

* userhelper is command name of the process
* S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
o S -- command executed by super-user
o F -- command executed after a fork but without a following exec
o D -- command terminated with the generation of a core file
o X -- command was terminated with the signal SIGTERM
* vivek the name of the user who ran the process
* prts/0 terminal name
* 0.00 secs - time the process exited

Search the accounting logs by command name:


$ lastcomm rm
$ lastcomm passwd

Output:


rm                S     root     pts/0      0.00 secs Fri Dec 10 00:39
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:39
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:38
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:38
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:36
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:36
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:35
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:35
rm                      mina     pts/0      0.00 secs Fri Dec 10 00:30
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:30
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:29
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:29

Use sa command to print summarizes information about previously executed commands. Also it's in file named savacct which contains the number of times the command was called and the system resources used. Also a per-user basis; into a file named usracct.


# sa

Output:


     579     222.81re       0.16cp     7220k
       4       0.36re       0.12cp    31156k   up2date
       8       0.02re       0.02cp    16976k   rpmq
       8       0.01re       0.01cp     2148k   netstat
      11       0.04re       0.00cp     8463k   grep
      18     100.71re       0.00cp    11111k   ***other*
       8       0.00re       0.00cp    14500k   troff
       5      12.32re       0.00cp    10696k   smtpd
       2       8.46re       0.00cp    13510k   bash
       8       9.52re       0.00cp     1018k   less

Where,

* 0.36re "real time" in wall clock minutes
* 0.12cp sum of system and user time in cpu minutes
* 31156k cpu-time averaged core usage, in 1k units
* up2date command name

Display the number of processes and number of CPU minutes on a per-user basis


# sa -m


                                      667     231.96re       0.17cp     7471k
root                                  544      51.61re       0.16cp     7174k
mina                                  103      17.43re       0.01cp     8228k
exim                                   18     162.92re       0.00cp     7529k
httpd                                   2       0.00re       0.00cp    48536k

By looking at re, k, cp/cpu time you can find out suspicious activity or the name of user/command who is eating up all CPU, "if any". An increase in CPU/memory usage (command) is indication of problem where intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users.

Please note that above commands and packages also available on other UNIX like oses such as Sun Solaris and *BSD oses.

SEO + Web Hosting

noreply@blogger.com (Mina Ramses) — Fri, 15 Oct 2010 19:30:27 PDT

Get your Web Hosting account plus a SEO service, that's not all what you'll get, but more than that using the SEO service 'll let you understand how SEO works. No more time to find the best SEO software or tool , just Understand What/How to SEO

NOW If You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?

Link more pages faster

Rank more pages higher

completely web based

For more Info Contact:
Cell: +2-012-33-76796

MagicJack & SkypeOUT from your Cell-phone

noreply@blogger.com (Mina Ramses) — Fri, 15 Oct 2010 12:54:29 PDT

Do you know, heard or have magic jack
MagicJack is a device with a USB port that plugs into a computer and a phone jack that plugs into a standard phone, which allows the user to make phone calls to any phone in the U.S. and Canada for a fixed charge of $20 a year. The magicJack device was named after two dogs named Magic and Jack. ;)

If you own one and want to use your account from your cell phone , call and get calls to your magicJack U.S / Canada number on your cell

Also if you have a SkypeOUT account and want to use it from your cell-phone, contact us.

For more info or how to get it working on your cell

Call on :
cell : +2-012-3376796
cell2 : +1217-401-4080

Linux & SEO Services and consulting

noreply@blogger.com (Mina Ramses) — Thu, 14 Oct 2010 18:35:43 PDT

-You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?
Link more pages faster
Rank more pages higher
completely web based

-Want to ask or planing to start your business based on open source or want to know more about open-source and linux ?
-We provide the following Linux-based Solutions:
Security Services
Red Hat High Availability
Red Hat Infrastructure Solutions

Solutions provided are based on market leading software packages or on Custom Software Development. Linux-Plus' broad based services include Consulting, Systems Integration, Implementation, Technical Services, Training, Maintenance and Support.

Also we provide Linux (LAMP/J) private courses

For more info call:
012-33-76796
1217-401-4080

Call the U.S. and Canada For half pound

noreply@blogger.com (Mina Ramses) — Thu, 14 Oct 2010 18:19:34 PDT

Using our service you'll be able to call US and Canada Landlines and cell phone for 1/2 pound per minute.

Many of you are pissed off with Skype's decision to no more offer FREE calls within US & Canada and have started looking out for alternatives.

We have something unique that many other alternatives doesn't offer. You can call anyone in US & Canada from anywhere in the world

From your Cell-Phone/Mobile

For more info call:
012-3376796
1217-401-4080

UnblockMe VPN

noreply@blogger.com (Mina Ramses) — Tue, 12 Oct 2010 15:26:51 PDT

Why to use UnblockMe VPN?

-Protect your personal data from being stolen. Use VPN encryption!

-Unblock Skype, YouTube, VoIP and websites!

-Get your own public IP anywhere you are connected to the internet!

-Bypass restrictions. Enjoy your favorite services from anywhere!

-Enjoy BBC iPlayer and other online TVs when traveling outside UK!

-Purchase Unblock VPN for the best price on the internet!

As low as

$4

Contact:
Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

Remote PBX Setup and Magic Jack SIP Retrieval

noreply@blogger.com (Mina Ramses) — Tue, 12 Oct 2010 15:06:11 PDT

Remote Magic Jack SIP Retrieval

If you already own a Magic Jack and would like to use it with other SIP based solutions or client, I can help you remotely retrieve the information off the Magic Jack.
for

$9.99

Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=

Cell: +1-217-401-4080

Currently this is for windows users only and requires a high speed internet connection.

Also I can provide you with a fully functional Asterisk and FreePBX remote install on any Ubuntu redhat or centos Linux VPS.

for

$99.99

Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

" Mobinil 3G USB modem H4(|{ " , With (Debian - lenny) linux ; How to configure the prepayed Mobinil Sim in their ZTE MF626 USB 3G modem

noreply@blogger.com (Mina Ramses) — Sun, 21 Mar 2010 22:56:25 PDT

I first installed the modeswitch debian (sarge)_ package ... which didn't work with debian lenny. The following steps shows how to correctly set it up:

# Insert the modem.
# Wait until the modem automounts in your Desktop.
# Eject the modem and wait a few seconds until it's available to connect and switched to modem mode(as it's first recognized as a SCSI device).

Open a Terminal and type:

eject /media/ZTEMODEM

Wait 15-20 seconds so the modem can switch from Storage to Modem mode.

--

ls /dev/ttyUSB*

If it is recognized, proceed.

---Now it's time to sniff the used configuration.----

#Using a (USB-sinffer) while modem is connecting to my provider we got the required data in log file.

#Then i had to unhex | grep the contents (unhex.c is a small c code to convert hex to string):

grep '^[0-9a-f]\+:' log.txt |sed -e 's/.*://'|unhex |tr '\r' '\n'|grep -av '^$'

#Below the output

ABORT BUSY
ABORT VOICE
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
"" AT
OK ATV1
OK ATE0
OK AT&F&D2&C1S0=0
OK ATS7=60S30=0
OK ATS0=0
OK ATDT*99#
CONNECT ""

#Then i created a file in /etc/chatscripts/ called mobinil (or whatever you like), this how i tell pppd (point to point protocol daemon) to dial the ISP's modem and go through any logon sequence required.

#Now Create a new file /etc/ppp/peers/provider containing:

/dev/ttyUSB2 115200
debug
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect '/usr/sbin/chat -v -f /etc/chatscripts/mobinil'
noauth
noaccomp
default-asyncmap
maxfail 3
holdoff 10

This is a file that contains characteristics of the remote peer peer-name. Typical characteristics include the remote peer's phone number and chat script for negotiating the link with the peer.

#That's it, now from a terminal type: pon

I hope this may some how helped you and welcome if you have any further questions.

The ZTE-MF626 from mobinil is locked, here's attached some AT commands which check lock type:

check net-/SIMlock

AT+ZSEC?
answer: ,

< SEC_STATUE >:
0 Initializing the encryption (Insignificant SEC_ITEMS)
1 Network Lock error. (Insignificant SEC_ITEMS)
2 Network Locked
3 Unlocked or correct MCC/MNC

:
0 No action
1 Network lock
2 (U)SIM card lock
3 Network Lock and (U)SIM card Lock

Unlock
+ZNCK="unlock-code"
+ZNCK?
Unlock residual time 0-5

Weblinks:

http://www.zte.com.au/downloads/USB_Modem_Config_Procedure.pdf

Tin Hat: High security Portable Linux

noreply@blogger.com (Mina Ramses) — Mon, 22 Feb 2010 10:20:42 PST

Tin Hat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM.

Tin Hat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, Tin Hat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting.

One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications.

Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box - either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. Tin Hat is a baby step in that direction.

Redhat General Test

noreply@blogger.com (Mina Ramses) — Tue, 17 Nov 2009 00:11:17 PST

Gmail Is down ...?!!!

noreply@blogger.com (Mina Ramses) — Fri, 08 May 2009 03:25:40 PDT

It's Not the first Time ... :) Welcome Home Google's SRE

Ruby on Rails?

noreply@blogger.com (Mina Ramses) — Thu, 13 Mar 2008 15:49:06 PDT

Ruby on Rails is an open source programming language that provides a code stage to quickly build database-driven web applications.
It includes five standard packages:
ActiveRecord, ActiveResource, ActionPack, ActiveSupport and ActionMailer that can be extended. The Rails framework, which provides the structure for the models and views needed for a basic website, is developed employing the Model-View-Controller (MVC) architecture.

There are two concepts in Ruby on Rails--Convention over Configuration (CoC) and Don't Repeat Yourself (DRY).
The principle behind COC is that only strange aspects of the application need to be specified; otherwise, they follow the established standard.
DRY requires that information be placed in a single, unambiguous location to ensure a single point of reference and avoid hidden errors.

The principles behind Ruby on Rails allow for huge development speed while minimizing lines of code and errors. It has the advantage of including a lot of web development know how from its inception, which makes it simple to use, maintain, and extend.

Ruby on Rails is now widely embraced as a great tool to rapidly build scalable, database-driven web applications.

DNS Security Issues (Misconfigurations)

noreply@blogger.com (Mina Ramses) — Sat, 08 Mar 2008 13:29:01 PST

DNS fall with security issues in a relation to:

Service/traffic redirection:

DNS requests(traffic) to any site, could be redirected to an IP address of a malicious attacker’s site using man in the middle attack or any other type of attacks.
As a user, you should verify the authenticity through cryptographic signature hashes even with trusted sites.
Similarly, name servers with MX records can be modified to redirect
e-mail from one domain to another.

Denial of service:

Instead of redirecting records elsewhere, they can be redirected to 10.1.1.12
or any another address range that does not exist which may deny legitimate target from being reached.

Zone transfers:

Domain record exchanges such as updating information across name servers can reconfigure packet routing across a network.

Past versions of name servers had no security, and anyone with access to programs like nslookup and dig were capable of issuing them.

DNS zone transfers should only be allowed between DNS servers and clients that actually need it.
DNS master is only transmitting zone information to (and only to) the IP addresses of slave-1/2..etc DNS servers, slave should not transmit to anyone in most configurations.

Also protection with zone transfers can be obtained by implementing DNS keys and even encrypted DNS payloads.

Else than that Instead of limiting transfers purely based on IP address, sites can maintain cryptographic signatures or relies on public key cryptography as in DNS security extensions (DNSSEC)

Predictable query IDs:

A query ID is included within a packet to uniquely identify sessions, such a query within a request is a security issue that allows an attacker to poison domain name server caches with forged address resolution information, a way to reduce the breadth of this attack random query IDs is used.

Secure How-To: Not only

-Using complete physical separation of internal recursive queries and external public name service to prevent DNS cache poisoning.
-Also securing dns could be by redundancy and load balancing which in turn requires that networks house more than one DNS server.

E-mail Risk ( Data vulnerabilities )

noreply@blogger.com (Mina Ramses) — Wed, 05 Mar 2008 14:27:41 PST

As a universally implemented protocol, email should be a target
for attacks and risk ; due to the very sensitive nature of the data or information that is transmitted.

E-mail at its core is safe because it does not transmit directly executable(binary) code.
But an e-mail client starts adding features to be more of a collaboration tool, such as Outlook which embed malcode that has chances of being decoded and launched.

An e-mail protocol like Post Office Protocol (POP), was used in the clear,
which means when a mail was received, it was transmitted with the POP3 protocol.
In such case, the entire e-mail fit into one packet and opportunity to capture packets and read e-mail content isn't off-topic.

Capturing and modifying of e-mail can be done either as a man-in-the-middle attack (using ARP spoofing tool, such as ettercap) or as a replay attack.

Man-in-the-middle attacks are best avoided by using encryption and digital signing of messages.

On the other hand, Spam DoS attacks are a result of spammers using false domains in the e-mails they send.
The most danger type of these attacks is when a spammer forges an address.

Spam attacks avoided by referencing a blacklist which is a database of known internet addresses (by domain names or IP addresses) used by spammers.
Blacklisted addresses return invalid responses so the server rejects the e-mail.

Proper e-mail authentication is also a security concern.

-Login authentication : user name and password passed separately encoded with base64.
The user name and password are then used to authenticate to the mail server.

- onPOP before SMTP : preventing spammers from using a mail server relay.
SMTP relaying is permitted by an IP address if that IP address has participated in a valid POP session in the prior X minutes.
The POP protocol requires a valid password so spammers will not be able to use POP prior to using the mail server for relaying.

A mail relay sits in the DMZ outside the perimeter firewall with a benefit having all mail received first by this mail relay which can check for unwanted scripts, viruses, and questionable attachments and also a good place to put spam protection, such as blacklist monitoring and spam filtering.

Securing e-mail traffic: discussed previously
Creating a secure tunnel for using less secure e-mail protocols can be a strong method of protecting the privacy and integrity of the e-mail.
With an SSH tunnel, we can still have the protection of the SSH encryption, in SMTP/POPing.

Later talking about SPF, DomainKeys ...etc

UNIX/Linux as a poor vulnerability target

noreply@blogger.com (Mina Ramses) — Wed, 05 Mar 2008 07:31:26 PST

UNIX has some characteristics that make it less attractive for security attacks

Unix is still primarily used on different platforms.
This use, make the average UNIX user more knowledgeable about the operating system and security.

There are many scripting techniques in UNIX.
Unlike Windows, the scripting is not integrated into applications (such as Outlook and Word).

In UNIX, scripts can be integrated into applications such as mail and word processing, but not to be _the default configuration_.

This makes UNIX much less vulnerable than a Windows system that is running Outlook and allows users to commonly run Visual Basic scripts.

Also the inability of a common user to alter an executable is a severe restriction on viruses and worms that depend on users to propagate their malware.

On the other hand in Unix, Physical Security is somehow perfectly controlled:
(monitoring hardware changes)
A software tool library like kudzu, detects and configures new and/or changed hardware on a RedHat Linux system and currently ported to different other distros.

What's notable that it detects the current hardware and checks it against a database stored in /etc/sysconfig/hwconf, which mean it can be an eye on system hardware monitoring any changes.

Another piece in Unix is its partitioning of disks and file systems which can be a physical security issue.

File systems, such as ext3 in Linux, use journaling to make the recovery of damaged file systems more reliable.

Journaling provides for a fast file system restart in the event of a system crash, using database techniques, journaling can restore a file system in a matter of minutes, or even seconds.

Not finished yet....

Securing communication protocol traffic (SSH tunneling).

noreply@blogger.com (Mina Ramses) — Wed, 05 Mar 2008 07:22:23 PST

A useful option for secure communication between client/server is to tunnel the communication inside the Secure Shell protocol (SSH).

It can be used to tunnel POP3 and SMTP traffic using ssh.
-Sure u must have both ssh client and ssh server installed on the two ends.
-Create a local ssh tunnel on local machine (ex.port 5110) to the POP3 server's port 110 or SMTP 25
# ssh -f -N -L 5110:localhost:110 user@POP3_server

Or even simply binding to a privileged port (110, the POP port)

# ssh -L 110:mailhost:110 -l user -N mailhost

Same, you can also forward SMTP for outgoing mail (port 25), single ssh line can have multiple -L entries, like this:

# ssh -L 110:mailhost:110 -L 25:mailhost:25 -l user -N mailhost

-U can still check for port forwarded :
Telnet localhost (forwarded port)/
You should see the POP3 server's banner information.

-Finally you have to configure your mail client to access your mail via POP3 using mail server localhost and desired forwarded port.

Home network map modification ( somehow mobility)

noreply@blogger.com (Mina Ramses) — Wed, 26 Dec 2007 20:25:37 PST

I modified my home network somehow to give myself a way to have mobility around ;).

- Firing dhclient on Nixbox ==> IP obtainable automagically
- /etc/network/interfaces modifications
- Downing default gw
- Winbox --(Wlan/Wlan Ad-Hoc)--> NixBox ----> Router
- Firing ipmasq without firewall-configs (dpkg-reconfigure ipmasq)
- Winbox <--(Wlan(192.168.0.1)/Dns <> IPmasq)--> NixBox (Nix Connection masq)
- Noticed.., neither Bind(named) nor DNSmasq is needed, by default named installed.
- Apache/httpd port 80 --NAPT--> 192.168.0.1 <--(inside).

A long time i wondered to furnish this modification, finally ...

"_Someone i have lost long time ago_" Comment.

noreply@blogger.com (Mina Ramses) — Fri, 21 Dec 2007 14:21:00 PST

If you have lost someone close to you, how do you deal with the toughest moments
that hit you and don't always give you warning?

Sadness and suffering make people wiser -
Sadness and suffering will follow us as long as we live -
If you can no longer feel these emotions, it's a sign that you have
stopped growing as a person.
Sadness and suffering enable us to be strong enough to be kind to others.

When a loved one is gone, you'd look for his or her image in everything that you see,
and everything that's within you seek an exact image of how you'd like to see your loved one again, pay an attention when you love again to the one you are loving, as not being your loved one substitute.
Take a good look around you: paying too much attention to what you have lost, lets you neglect what you have/in now.
Look into the bottom of your soul and find what you really need.

Think of loving, and not of being loved.
If there is someone who is in more pain and sorrow than you are,
Give him or her your loving hand and warm support...
feel to be felt...
You have the ability to comfort others to become comforted

A Long time away:

noreply@blogger.com (Mina Ramses) — Thu, 20 Dec 2007 08:39:53 PST

But there's something happening in me

Simple rules of cooperation with what's nearby lead to unexpected, even startling complexities that you could not have predicted from the rules (emergent phenomena). This is a neat parallel to the way that startling and unexpected phenomena like open-feeling emerge in me.

Today's mood

noreply@blogger.com (Mina Ramses) — Mon, 10 Sep 2007 21:34:17 PDT

Always _he_ insists and will insist on __it__ , "He's rude, impoliteness and indecency "

-I'm thinking ..., i have an educated mind to be able to entertain __this thought__ or this insistence without accepting it.

-To conclude, strike or to reach an agreement concerning duties, isn't off-topic;
It's even a better way.

-Silly to put all that effort into something that's just going to die, but factual.

-Cases with similarities, but which one that really deserves ????

-For who knows what is good for mortals while they live the few days of their vain life?

Foo-Bar Lab

Linux websites taken down

How Egypt Cut Off the Internet

There are 3 projects underway to effectively create a government-less Internet.

Internet Access - dialup links

Egypt Developers - fucking Idiots

What's being done on your box

SEO + Web Hosting

Link more pages fasterRank more pages highercompletely web based

MagicJack & SkypeOUT from your Cell-phone

Call on :cell : +2-012-3376796cell2 : +1217-401-4080

Linux & SEO Services and consulting

Call the U.S. and Canada For half pound

From your Cell-Phone/Mobile

UnblockMe VPN

$4

Remote PBX Setup and Magic Jack SIP Retrieval

$9.99

$99.99

" Mobinil 3G USB modem H4(|{ " , With (Debian - lenny) linux ; How to configure the prepayed Mobinil Sim in their ZTE MF626 USB 3G modem

Tin Hat: High security Portable Linux

Redhat General Test

Gmail Is down ...?!!!

Ruby on Rails?

DNS Security Issues (Misconfigurations)

E-mail Risk ( Data vulnerabilities )

UNIX/Linux as a poor vulnerability target

Securing communication protocol traffic (SSH tunneling).

Home network map modification ( somehow mobility)

"_Someone i have lost long time ago_" Comment.

A Long time away:

Today's mood

Link more pages faster

Rank more pages higher

completely web based

Call on :
cell : +2-012-3376796
cell2 : +1217-401-4080