Handwriting Note

MySQL Partition by Range

noreply@blogger.com (Catur) — Tue, 27 Dec 2011 11:18:00 +0000

Here's short tutorial how to create partition by range on MySQL 5.1.
The partition create using range based on date field.

CREATE TABLE `addressbook` (
`ID` CHAR(2) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT '00',
`NAME` VARCHAR(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci,
`BIRTHDATE` DATE NOT NULL
KEY `ID` (`ID`),

) ENGINE=INNODB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
PARTITION BY RANGE(TO_DAYS(BIRTHDATE)) (
PARTITION p201101 VALUES LESS THAN (TO_DAYS('2011-02-01')),
PARTITION p201102 VALUES LESS THAN (TO_DAYS('2011-03-01')),
PARTITION p201103 VALUES LESS THAN (TO_DAYS('2011-04-01')),
PARTITION p201104 VALUES LESS THAN (TO_DAYS('2011-05-01')),
PARTITION p201105 VALUES LESS THAN (TO_DAYS('2011-06-01')),
PARTITION p201106 VALUES LESS THAN (TO_DAYS('2011-07-01')),
PARTITION p201107 VALUES LESS THAN (TO_DAYS('2011-08-01')),
PARTITION p201108 VALUES LESS THAN (TO_DAYS('2011-09-01')),
PARTITION p201109 VALUES LESS THAN (TO_DAYS('2011-10-01')),
PARTITION p201110 VALUES LESS THAN (TO_DAYS('2011-11-01')),
PARTITION p201111 VALUES LESS THAN (TO_DAYS('2011-12-01')),
PARTITION p201112 VALUES LESS THAN (TO_DAYS('2012-01-01')));

Here's how to monitor your partition rows, index length and data length :

mysql> SELECT partition_name, partition_method, partition_expression, partition_description, table_rows, index_length, data_length FROM
information_schema.partitions WHERE table_name='addressbook';

To make sure your query read the partition, use describe partitions like this example :

mysql> describe partitions select count(0) from addressbook where BIRTHDATE='2011-12-11';

File Transfer Protocol ( FTP ) as background process

noreply@blogger.com (Catur) — Thu, 22 Dec 2011 10:16:00 +0000

To start send or receive file using ftp as a background process, do something like this :

1. Start FTP transfer command with nohup at the front of the ftp command
ex : nohup ftp xxx.xxx.xxx.xxx
after that login to the FTP Server
send ftp command like put or get
2. Press Control-Z after that
3. At the shell prompt, enter the command "bg"

Configure EtherChannel trunking and VLAN tagging with Cisco 2960

noreply@blogger.com (Catur) — Thu, 15 Dec 2011 11:13:00 +0000

The task: Configure a redundant networking setup between a NetApp filer and a Cisco switch running IOS.

The steps:
1. Pick 2 or more switch ports you would like to trunk together.
2. Configure the switch ports to use 802.1q standard. By default cisco catalyst 2960 use 802.1q :

conf t
interface gigabitEthernet 0/1
switchport mode trunk
channel-group 1 mode on
no ip address

3. Make sure that the channel-group mode is set to on and not desired which is the default.
4. Configure the filer to use a multi vif, and then configure VLAN tagged interfaces on top of the vif:

Note: In this example VLAN id 501 is used.

vif create multi vif0 e0a e0b
vlan create -g on vif0 501
ifconfig vif0-501 192.6.1.1 netmask 255.255.255.248

How to edit /etc/fstab when at Centos/Redhat “Repair filesystem” prompt?

noreply@blogger.com (Catur) — Tue, 22 Nov 2011 08:15:00 +0000

I faced to this problem when i edited mount point in /etc/fstab file and then reboot my linux server but unfortunately it can't start to work just prompt "Repair filesystem".

Linux gives you a “Repair Filesystem” prompt in this situation and you can enter that by providing the root password. The problem is that on “Repair Filesystem” prompt, linux file system and rest of the file systems are generally not mounted and if mounted then it is “Read-Only” so you can not change files.

Solution:

Use following command to mount the filesystem with writable permission:

Repair filesystem # mount -w -o remount /

After this you can go and change /etc/fstab file. Restart your computer and that’s it.

Sony Ericsson Xperia Mini and Mini Pro hands-on

noreply@blogger.com (Catur) — Sun, 08 May 2011 02:26:00 +0000

Sony Ericsson Xperia Mini and Mini Pro hands-on
Read More here

Compile Linux Kernel v2.6

noreply@blogger.com (Catur) — Thu, 25 Nov 2010 12:15:00 +0000

This is step for compile kernel v2.6. For example, we will compile linux-2.6.20 kernel.

1. cd /usr/src
2. wget -c http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.20.tar.bz2
3. tar xvfj linux-2.6.20.tar.bz2
4. cd linux-2.6.20
5. make clean && make mrproper
6. make menuconfig
7 make
8. make modules
9. make bzImage
10. make modules_install
11. make install
12. mkinitrd /boot/initrd-2.6.20.img 2.6.20

Compile need about 1 hour, that's depending on processor speed. After compile finished, edit the Group Loader or LILO to use new kernel.

MySQL Table Records Monitoring MRTG

noreply@blogger.com (Catur) — Wed, 23 Jun 2010 03:09:00 +0000

This tutorial will explain how to monitoring tables records from MySQL database.
I assume that reader have installed MRTG, if not please refer to this URL

http://oss.oetiker.ch/mrtg/doc/index.en.html

Ok, now lets do step by step

/*
* STEP 1
* Assume mrtg configuration file on /var/www/html/mrtg/cfg/
* Create bash script and give name db_executor
* Change USER, PASSWORD and DATABASE_NAME
*/

#!/bin/sh
echo 0
mysql -hlocalhost -uUSER -pPASSWORD -e "$1" DATABASE_NAME | tail -1
echo 0
echo "Queued Items"

/*
* STEP 2
* Create mrtg configuration file
* I give name payment_monitoring.cfg
*/

EnableIPv6: no
WorkDir:/var/www/html/mrtg/
Options[_]:nopercent,growright,nobanner,nolegend,noinfo,gauge,integer,transparent,noi

Target[payment]: `/var/www/html/mrtg/cfg/db_executor "SELECT COUNT(0) FROM tblPayment"`
PageTop[payment]:

Payment

MaxBytes[payment]: 100000
Title[payment]: Payment
YLegend[payment]: records
ShortLegend[payment]:
LegendI[payment]:
LegendO[payment]:records

/*
* STEP 3
* Test mrtg configuration file and generate html
*/

#mrtg /var/www/html/mrtg/cfg/payment_monitoring.cfg
#indexmaker /var/www/html/mrtg/cfg/payment_monitoring.cfg > /var/www/html/mrtg/payment.html

That's it 3 step to monitoring table. Hope this tutorial can help.

Find all large files on a Linux machine

noreply@blogger.com (Catur) — Mon, 25 Jan 2010 04:04:00 +0000

Finds all files over 20,000KB (roughly 20MB) in size and presents their names and size in a human readable format:

Command :
find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

Generating Java client bindings from WSDL with AXIS

noreply@blogger.com (Catur) — Wed, 25 Nov 2009 03:51:00 +0000

This post based on Axis documentation to generate java client code from WSDL :

WSDL2Java: Building stubs, skeletons, and data types from WSDL

http://ws.apache.org/axis/java/user-guide.html#WSDL2JavaBuildingStubsSkeletonsAndDataTypesFromWSDL

List of library from Axis you should have :
===========================================
- axis.jar
- commons-discovery-0.2.jar
- commons-logging-1.0.4.jar
- jaxrpc.jar
- log4j-1.2.8
- saaj.jar
- wsdl4j-1.5.1.jar

Generate the code :
===================
1. Create directory for example "clientWSDL"
2. Create BAT file which looks like this :

@echo off
java -cp lib\axis.jar;lib\commons-discovery-0.2.jar;lib\commons-logging-1.0.4.jar;lib\jaxrpc.jar;lib\log4j-1.2.8;lib\saaj.jar;lib\wsdl4j-1.5.1.jar org.apache.axis.wsdl.WSDL2Java %1 %2 %3

save this BAT file with name wsdlTojava.bat.

3. wsdlToJava.bat need axis library that can found on directory "lib".
4. Inside directory "clientWSDL", create sub directory and give name "lib".
5. Copy all axis library inside "lib" sub directory.
6. To generate, type like this :

wsdlTojava.bat http://?wsdl

Hope this post can help..

Clear the cache from memory on Linux

noreply@blogger.com (Catur) — Wed, 18 Nov 2009 03:03:00 +0000

Linux has a supposedly good memory management feature that will use up any "extra" RAM you have to cache stuff. This section of the memory being used is SUPPOSED to be freely available to be taken over by any other process that actually needs it, but unfortunately my Linux (three distros now, Centos 5 64 bit) thinks that cache memory is too important to move over for anything else that actually needs it.

I have 8 GB RAM in my server. Whenever there is no cache being stored in the memory (i.e. when I first boot the computer), everything runs great. But as soon as it fills up with cache, my server starts feeling like can't breath normally. It's terrible..

Luckily, I found a way to clear out the cache being used. Simply run the following command as root and the cache will be cleared out (Thankyou for Google).

Linux Command :
sync; echo 3 > /proc/sys/vm/drop_caches

Show Oracle Hidden Parameters

noreply@blogger.com (Catur) — Fri, 17 Jul 2009 06:38:00 +0000

Want to know oracle hidden parameter? Try to execute this query :

SELECT X.KSPPINM NAME, DECODE(BITAND(KSPPIFLG/256, 1), 1, 'TRUE', 'FALSE') SESMOD, DECODE( BITAND(KSPPIFLG/65536, 3), 1, 'IMMEDIATE', 2, 'DEFERRED', 3, 'IMMEDIATE', 'FALSE' ) SYSMOD, KSPPDESC DESCRIPTION FROM SYS.X_$KSPPI X WHERE X.INST_ID = USERENV('INSTANCE') AND TRANSLATE(KSPPINM,'_','#') LIKE '#%' ORDER BY 1 ;

Hope can help..

Instalasi OpenVPN Server on CentOS 5.3 64 bit

noreply@blogger.com (Catur) — Tue, 07 Jul 2009 03:39:00 +0000

OpenVPN are SSL VPN solution that full open source and have complete feature. If you want implement Virtual Private Networking that secure and simple, you should try this.

On this tutorial, we will install OpenVPN using custom rpm package that build from the tarbal. Make sure your kernel support for TUN/TAP interface. See kernel documentation to enable this TUN/TAP.

First, you should get lzo package and openvpn tarbal. You can get from this URL :
Download lzo 2.03 package

Download OpenVPN 2.0.9 tarbal

Install more package that needed on compilation :
[root@server1 ~]#yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Build LZO
On this step, we will build lzo rpm.

[root@server1 ~]#rpmbuild –rebuild lzo-1.08-4.rf.src.rpm
[root@server1 ~]#rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm

Build OpenVPN
On this step, we will build OpenVPN from the tarbal

[root@server1 ~]#rpmbuild -tb openvpn-2.0.9.tar.gz
[root@server1 ~]#rpm -Uvh /usr/src/redhat/RPMS/x86_64/openvpn-2.0.9-1.x86_64.rpm

Until this step, you have been install openvpn and lzo. Next step you should follow this link to configure your OpenVPN :)

Configure OpenVPN

Hope this can help..

How to change system date in Linux

noreply@blogger.com (Catur) — Tue, 07 Jul 2009 03:29:00 +0000

This morning i need to change system date in linux to test one of my application. After googling for sometime, i manage to find out how to change system date in Linux using command line.

To change system date in linux, type :

[root@server1 ~]#date MMDDhhmmYYYY.ss

For example: i want to change my system date to Jul 07 2009, 10.20am, i will type:

[root@server1 ~]#date date 070710202009

Note:
MM – month
DD – day
YYYY – year
hh – hour is based on 24 hour
mm – minutes
ss – seconds

Install JDK 1.6 on Centos X86_64

noreply@blogger.com (Catur) — Thu, 11 Jun 2009 06:27:00 +0000

By default, Centos 5.3 64Bit having Java version 1.4.2. Now I would like to update this Java to version 1.6.

Here is the step :

Step 1
======
Visit Sun’s web site and download the latest version of Java (the *.bin file not the *-rpm.bin) (http://java.sun.com/javase/downloads/index.jsp)(pay close attention to choose 64bit(Linux x64) version on Platform combobox)

Step 2
======
[catur@hatori]# cd /opt/
[catur@hatori]# wget "[URL_OF_THE_JAVA_64BIT_.bin]"
[catur@hatori]# /bin/sh jdk-6u14-linux-x64.bin

Step 3
======
Setup the alternatives correctly

[catur@hatori]# alternatives --install /usr/bin/java java /opt/jdk1.6.0_14/bin/java 2
[catur@hatori]# alternatives --config java

There are 2 programs which provide 'java'.

Selection Command
-----------------------------------------------
*+ 1 /usr/lib/jvm/jre-1.4.2-gcj/bin/java
2 /opt/jdk1.6.0_14/bin/java

Enter to keep the current selection[+], or type selection number: 2
[catur@hatori]#

Step 4
======
Check to make sure the install was a success

[catur@hatori]# java -version
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) 64-Bit Server VM (build 14.0-b16, mixed mode)
[catur@hatori]#

Find out the Top 10 SQL request

noreply@blogger.com (Catur) — Fri, 29 May 2009 06:14:00 +0000

How to identify heavy SQL (Get the SQL with heavy BUFFER_GETS or SQL with heavy DISK_READS
) ??

You can do with this query :

IDENTIFY heavy BUFFER_GETS
==========================

select sql_text ,executions ,disk_reads ,buffer_gets
from v$sqlarea
where decode(executions,0,buffer_gets,buffer_gets/executions)
> (select
avg(decode(executions,0,buffer_gets,buffer_gets/executions))
+ stddev(decode(executions,0,buffer_gets
,buffer_gets/executions))
from v$sqlarea)
and parsing_user_id != 0

IDENTIFY heavy DISK_READS
=========================

select sql_text ,executions ,disk_reads ,buffer_gets
from v$sqlarea
where decode(executions ,0,disk_reads,disk_reads/executions)
> (select
avg(decode(executions,0,disk_reads,disk_reads/executions))
+
stddev(decode(executions,0,disk_reads,disk_reads/executions))
from v$sqlarea)
and parsing_user_id != 0

Result from the query, can help you make better query for better performance.

Kill Locking Query

noreply@blogger.com (Catur) — Fri, 29 May 2009 06:03:00 +0000

Oracle can lock row based on where condition that we use. For example :

SELECT ID, NAME FROM EMPLOYEE WHERE ID='123' FOR UPDATE OF ID;

with this query, ID 123 will be hold until we give command COMMIT or ROLLBACK.

It will be nightmare if no COMMIT or ROLLBACK for this query, no one can update or delete this row.
To force kill this locking you should do something like this :

select oracle_username,object_id,session_id from v$locked_object;

select sid,serial# from v$session where sid=[session_id];

and then kill with the alter command :

alter system kill session '_object_id,_sessions_id';

Hope this post can help.

Flush SGA

noreply@blogger.com (Catur) — Fri, 29 May 2009 05:52:00 +0000

Execute this command to flush your Oracle SGA.

alter system flush shared_pool;

alter system flush buffer_cache; <<--Available from 10g

Free Download OpenOffice.org 3.0.0 RC2

noreply@blogger.com (Catur) — Tue, 23 Sep 2008 01:28:00 +0000

As an alternative to Microsoft Office suite, Open Office is a free and open source international office suite that runs on all major platforms and provides access to all functions and data through open-component based APIs and an XML-based file format. It has a MS Word compatible word processor, a comprehensive MS Excel spread sheet program, a presentation application which is similar to MS Power Point and a drawing program. This office suite is comparable to Microsoft and is in no way less effective or competitive. It allows users to save PDF files, enhance printing capabilities, establish direct connection with external email programs and so on.

Users who want another option from Microsoft can download this free Office suite, OpenOffice.org 3.0.0 RC2 via the link here.

Download Now

Free IEHistoryView Tool to Track Visited Website

noreply@blogger.com (Catur) — Tue, 23 Sep 2008 01:20:00 +0000

Have you ever thought of how to track the history of visited URL in the computer for specific reason like to monitor if a person has visited any illegal website? Here is a powerful tool that can help to achieve this. Named as IEHistoryView, it is a simple and yet powerful tool that is able to display an useful information, allowing user to view report and edit the entire URL lists which are stored in history file with a user friendly interface.

Most of you probably aware that the URL typed in the address bar or the link clicked in Internet Explorer will be kept to the history index file. The logic of how IEHistoryView works is it will read all information kept in the history file and display them in a well designed window. This tool will not only display the URL lists that had been visited, but it also display useful information such as the title of the page, how many hits on the page, modified, expiration date of this URL and more. All this data can be grabbed just in the first glance of view, or save as data in txt or html format for future analysis purpose. This tool is also enhanced with features such as show all Google searches, delete the selected URL from history file, bookmark any selected URL, copy the selected URL in clipboard in tab delimiter or regular format, monitor the visited URL of the same computer but with different user profile, or even the remote computer as long as you have permission to access to the history folder and etc. Internet Explorer saves older information in history subfolder, so in case you would like to view older information, just go to File -> Select History Subfolder.
The history folder location may vary from one operating system to another. For instance, Windows 2000/XP is stored under C:\Documents and Settings\{user profile}\Local Settings whereas Windows 98 is stored under c:\win98. IEHistoryView is capable to auto detect the history folder when it is first launched and set is as default. However, you can change the default history folder at your preference by going to File -> Select History Folder. Another powerful feature of this tool is, you are allowed to translate all menus to any language as you prefer, by following below instructions:
1) Open dos prompt, cd to the directory of iehv.exe
2) Type ‘iehv.exe /savelangfile’ in the command prompt and press enter
3) iehv_lng.ini file is created in the current folder, edit this file with notepad and translate it to any language as you like, then save it.
4) Launch iehv.exe, you will see all menus are displayed in the language you have translated to.
5) You can restore the setting back to original by deleting iehv_lng.ini.
This tool is compatible with any version of Windows operating system installed with Internet Explorer version 4.00 and above. It has also tested working fine with Internet Explorer 8.0 beta version. It is a standalone freeware that comes together with 3 files in a package (iehv.exe , iehv.chm, readme.txt). It doesn’t require any installation, what user needs to do is just go to here to download this package which only consume 61.3KB of your hardisk space, and launch this application by executing the exe file.

Download now

Joomla Weak Random Password Reset Token Vulnerability

noreply@blogger.com (Catur) — Sat, 13 Sep 2008 04:22:00 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Joomla Weak Random Password Reset Token Vulnerability
Release Date: 2008/09/11
Last Modified: 2008/09/11
Author: Stefan Esser [stefan.esser[at]sektioneins.de]

Application: Joomla <= 1.5.7
Severity: Usage of mt_rand() and mt_srand() for generation
of cryptographic secrets like random password
reset tokens
Risk: High
Vendor Status: Vendor has released a partially fixed Joomla 1.5.7
Reference: http://www.sektioneins.de/advisories/SE-2008-04.txt
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Overview:

Quote from http://www.joomla.org
"Joomla is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications.
Many aspects, including its ease-of-use and extensibility, have
made Joomla the most popular Web site software available."

During an analysis of the password reset vulnerability fixed in
Joomla 1.5.6 we realized that Joomla does not only generate random
password reset tokens with mt_rand(), which is not secure enough
for cryptographic secrets anyway, but additionally initializes the
PRNG with a weak seed that results in less than 1.000.000 possible
password reset tokens.

Because there are only 1.000.000 possible password reset tokens an
attacker can trigger a reset of the admin password and then try out
all possible password reset tokens until he finds the correct one.
Even with a home DSL line (as used in germany) breaking into the
admin account should be possible in less than 3 hours. However
attackers are usually bouncing over much faster hosts.

In response to our report Joomla 1.5.7 was released (without sharing
the patch with us prior the release) which replaces the very weak PRNG
seeding with a new seed that is about 2^32 in strength. While this
stops the simple brute forcing attack Joomla's password reset token
is still vulnerable to mt_rand() leak attacks and because Joomla still
seeds the PRNG with mt_srand() it is a potential threat to other PHP
applications or plugins using mt_rand() on the same server.

Details:

The problems arising from using mt_(s)rand for cryptographic secrets
and possible attacks against PHP's PRNG and PHP applications using it
are explained by the blog post "mt_(s)rand and not so random numbers"
which is available here:

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Proof of Concept:

SektionEins GmbH is not going to release a proof of concept
exploit for this vulnerability.

Disclosure Timeline:

15. Aug 2008 - Sent notification to Joomla about the vulnerability
20. Aug 2008 - Resent notification because no reply from Joomla
20. Aug 2008 - Received confirmation
21. Aug 2008 - Received a forwarded message from vendor-sec discussing
the vulnerability - obviously Joomla shared our report
with vendor-sec without asking or notifying us.
21. Aug 2008 - In a reply to the forwarded message we recommended NOT
TO USE mt_srand for the password reset
03. Sep 2008 - On Joomla.org appears a blog post notifying their users
that they should upgrade to Joomla 1.5.6 immediately
because of security issues with the password reset
09. Sep 2008 - The Joomla Development Team releases Joomla 1.5.7
without telling us about this or consulting us to review
their patch
11. Sep 2008 - Public Disclosure after learning about the new
Joomla 1.5.7 in the media

Recommendation:

It is recommended to upgrade not only to the latest version of Joomla
which also fixes additional vulnerabilities reported by third parties,
but also to install the Suhosin PHP extension, which comes with a
generic protection against mt_(s)rnad vulnerabilities.

Upgrading only Joomla does not fix the whole problem.

Grab your copies at:

http://www.joomla.org
http://www.suhosin.org

CVE Information:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
not assigned a name to this vulnerability yet.

GPG-Key:

pub 1024D/15ABDA78 2004-10-17 Stefan Esser
Key fingerprint = 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78

Copyright 2008 SektionEins GmbH. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjJLHkACgkQSuF5XhWr2njUYQCgq+5P1O+7llh32KXcCHqdQ/C4
QWoAoJGF6jt3rDyNM3ESDlfUA/NxW3f9
=AA3y
-----END PGP SIGNATURE-----

Original Post : http://www.securityfocus.com/archive/1/496237/30/0/threaded

Defragment Hard Drive with IObit SmartDefrag 1.0 Final

noreply@blogger.com (Catur) — Sat, 13 Sep 2008 04:17:00 +0000

One of the main causes to the slow and unstable computer performance is due to disk fragmentation. To improve the efficacy of the hard drive and optimize the system’s performance, users need to carry out defragmentation of their hard drive periodically. If users are not comfortable with Windows’built in defragmentation program, we have introduced a tiny defragmentation tool, mst Defrag, in our earlier post. Alternatively, users can try this newly released IObit Smart Defrag 1.0.

Similar to mst Defrag, SmartDefrag works automatically and quietly in the background on users’ computers without much interface or interruption to users’ work. Its automatic defragmentation process will continually and constantly keep users’ computer fragment-free. Smart Defrag is designed for new, modern and large hard drives. Besides performing defragmentation, this application also streamlines users’ file system, places the frequently used files and directories into the fastest area of the disk enabling users’ computer to run at top speed with the utmost stability.

IObit SmartDefrag 1.0 Final version is a freeware. Users can download it via the link here. How SmartDefrag works? Let’s watch:

Download IObit SmartDefrag 1.0 Final

Original Post : http://www.mydigitallife.info/2008/09/11/defragment-hard-drive-with-iobit-smartdefrag-10-final/

Download PowerSMS Beta Version for Windows Mobile Devices to Handle SMS More Efficiently

noreply@blogger.com (Catur) — Sat, 13 Sep 2008 04:14:00 +0000

If you love sending SMS more than voice call, then this tiny software utility will help you. Named as PowerSMS, it is a lightweight Windows Mobile application that offers 6 different powerful text messaging features to help users handling daily SMS activity in more efficient way.

Although the new application is still in beta version, but it seems to work great as of now. I personally found that the Group Messaging feature to be very helpful in the event when user needs to send an invitation or similar SMS to a group of friends or family members simultaneously. Besides, there is a Schedule SMS feature that allows user to schedule to send a SMS at a predefined time. It could be a simple reminder to own self or a birthday greeting to friends at any time. That is not all, an Auto reply feature will be able to automatically reply to a missed call once it is enabled. Meanwhile, there is a Cool Stats feature that can summarize and show interesting information such as Average message being received per day, most active SMS day of the week, most active contact and etc. Last but not least, user can do the SMS backup to be archived in either .CSV or .XML format for later retrieval or to be transfered to other mobile devices during a phone upgrade.

If you think this application suits your need, just go to download the cab file at PowerSMS at no cost.

Download PowerSMS

Locate Local Businesses Via Google New “Search with My Location” Service

noreply@blogger.com (Catur) — Sat, 13 Sep 2008 04:10:00 +0000

When we are away in a new area or an unfamiliar neighborhood, we may have difficulties to locate the local businesses available in that area, e.g. restaurant, shopping mall, etc. As we are traveling or on the move, it is quite inconvenient to open our computers and search for the relevant places. This is quite a typical problem frequently faced by travelers, especially businessmen. Problems to locate your appointment venue probably might cause you to lose your million-dollar deal or make your clients upset. To cater for users’ need in this area, Google has announced a new service for Windows Mobile phone users called Search with My Location.

By using the Gears Geolocation API technology, Google’s “Search with My Location” service can locate and approximate users’ actual location using the same Cell ID technology applied in Google Maps mobile. The search result will revert to users the nearby businesses requested by users. For instance, if users are looking for Japanese restaurants in this neighbourhood, users could just type in “Japanese Restaurants” and Google will enlighten users with a list of Japanese restaurants in that area. This “Search with My Location” feature goes beyond identifying venues. Users can even use it to do, for example, weather forecast.

This search feature currently is available for Windows Mobile Phone users who are running Internet Explorer Mobile. Users can check out whether their phones are compatible with this service from the list here. If users’ phones are compatible, users can now surf Google.com and click the My Location Link to start enjoying the feature. At this point of time, this smart search service is only usable in US and UK. However, Google said that wider support will be available as it continues to enter into agreements with vendors.

Google shows you how this service works:

Original Posting : http://www.mydigitallife.info/2008/09/12/locate-local-businesses-via-google-new-search-with-my-location-service/

South Korea claims North sent spyware

noreply@blogger.com (Catur) — Fri, 05 Sep 2008 03:09:00 +0000

South Korea became the latest nation to accuse a rival of attacking its computers systems.

In media reports published on Tuesday, unnamed South Korean officials claimed that North Korean hackers had apparently attempted to compromise the computers of several South Korean military officers. In the latest attack, a Trojan horse program had been sent to a colonel at a field Army command, according to a report by news agency Agence France-Presse.

Military officials are concerned that the sender of the e-mail knew the identity and other information about the colonel, according to a report in the Chosun Ilbo, a major South Korean newspaper. Authorities have suggested that Won Jeong-hwa, a female refugee accused of seducing military officers to gather information, may have delivered the names of key military personnel to North Korea.

Security researchers said that such revelations will likely become increasingly common.

"As the people responsible for protecting IT systems from attack, we may have little respect for hackers and malware authors," Graham Cluley, senior security consultant at antivirus firm Sophos, stated on the company's blog. "But we have to increasingly recognize that the hands of our own governments may be less than lily-white themselves."

China has been implicated in a number of attacks against U.S. government systems, including those of certain lawmakers. Other nations -- including Germany, Belgium, India and the United Kingdom -- have also accused the Chinese of espionage activities using the Internet. Both the U.S. Senate and House of Representatives have held hearing over the increasing number of attacks and the state of the U.S. government's network defenses.

China is not alone. Germany faces criticism over its intelligence agency's use of software designed to spy on other countries' officials. Beginning in June 2006, Germany's intelligence agency -- the Bundesnachrichtendienst (BND) -- allegedly launched an information attack against the Ministry of Commerce and Industry of Afghanistan, ostensibly an ally, and before that against the Democratic Republic of the Congo.

South Korean officials refused to describe the extent of any compromises caused by the attacks, according to reports.\

taken from : http://www.securityfocus.com/brief/812

Security of Google's browser gets mixed marks

noreply@blogger.com (Catur) — Fri, 05 Sep 2008 02:52:00 +0000

by Robert Lemos, SecurityFocus

When Google unveiled its browser on Tuesday, the search giant boasted that the software's design puts security front and center.

The browser, christened Chrome, takes a minimalist approach to browsing by doing away with extra bars and buttons and putting the tabs on top. The real difference, however, appears to be under the hood: Google has coded the browser to use a separate process for each tab and to sandbox -- or jail -- the applets running in each tab, protecting the application from crashing and the user's data from prying eyes.

"What we feel we can do is raise the bar in security in browsers," said Darin Fisher, a software engineer and Chrome developer at Google. "We think we are raising it fairly steeply by including a sandbox."

Browser security has never been more important. Attackers are increasingly compromising legitimate Web sites with infectious code, or sneaking malicious ads into advertising networks, to spread bot software and data-stealing programs. Last year, computer-security researchers at Stanford University found that $100 could buy enough advertising impressions to potentially infect 100,000 users. In April, security professionals warned that the lack of input validation put Web sites' databases at risk of becoming co-opted by attackers.

Browser makers have taken the threat seriously. Both Mozilla and Opera have released updated versions of their browsers with the ability to blacklist sites hosting malicious code. Microsoft's Internet Explorer 8 will have a similar feature as well as some protection against cross-site scripting attacks and the ability to browse without saving cookies or the history of Web sites visited.

Google's Chrome will also include the same anti-malware technology as Mozilla's Firefox and also offers a privacy-enhanced browsing feature called Incognito, similar to Microsoft's private browsing mode. Yet, other features are missing, said Billy Hoffman, manager of Hewlett-Packard's Web security group.

"They really have no features at all to help users understand the security of the Web sites they are dealing with," Hoffman said. "Their security is focused on protecting the operating system from the application."

Hoffman likes features such as Firefox 3's easy access to more information about the current Web site, including whether they have visited the site before, whether the site is using encryption and the ability to view stored cookies and passwords for the site. Hoffman also likes Microsoft's attempts to protect against cross-site scripting flaws and cross-site request forgery, he said.

Yet, viewed as an incomplete work-in-progress, Google's browser is a good start, said Jeremiah Grossman, chief technology officer for Web security firm White Hat Security. With another company in the browser market focusing on security, the competition will result in better safety for users, he said.

"Competition does good things," Grossman said. "Not only do you get better quality of code and better quality products, but you get more choices in features and more focus on security. Security for security's sake does not get you very far."

Because Chrome is Google's browser, the software will also find itself intensely scrutinized by security researchers, he said. Within 24 hours, flaw finders will have likely found the first security vulnerabilities, Grossman added. (Editor's note: Indeed, in the first day, two researchers found flaws in the software, including a variant of the carpet-bombing attack.)

"Attackers are very clever and researchers are very clever," said Brian Rakowski, product manager for Chrome at Google. "If something does come up, I hope that people judge us by our response."

In the end, whether the browser measures up will depend on its ability to weather the assault of security researchers and the company's ability to deliver on security features as good as, or better than, those found in other browsers. But, for Google, the success of its browser project will not be in taking over the market, but making the products -- including competitors' software -- better, said Rakowski.

"Security is important for the health of the Web in general," he said. "We don't want to compete on those features. We want everyone to adopt them."

taken from : http://www.securityfocus.com/news/11533