Wednesday, December 8, 2010

LOIC: DDOS for Dummies

As if life is not hard enough for Information Security Professionals, here comes another "tool" that makes Distributed Denial of Service (DDOS) attacks easier.  Feast your eyes on the Low Orbit Ion Cannon, LOIC for short.  This "tool" is an easy way to perform denial of service attacks using a GUI and all a script kiddie needs to do is to point it at a website and BAM! Instant DDOS!

Used alone, LOIC may not generate enough TCP, UDP and HTTP request to disrupt the services of a target website but put it in the "Hivemind" mode, your machine becomes a part of a DDOS army that is, as of this writing, attempting to perform a DDOS attack on VISA, Mastercard and other financial institutions that pulled out support for Wikileaks.

Monday, December 6, 2010

iOS + Android: Makes Sense to Me (for now)

A few weeks ago, I decided to replace my Blackberry Curve with an HTC Desire running Android 2.2 (Froyo). A few weeks after that, the geek-who-must-not-be-named gave me an offer on a previous generation iPod Touch which I can't refuse.
Before I got my grubby little hands on the iPod Touch, I was content with using the HTC Desire as a temporary replacement to both my Blackberry and iPad. I was quite happy with it though I really miss my iPad's vast screen real estate. Screen size aside, the Desire was quite a capable gadget. Together with an unlimited internet plan and a host of apps, I was quite happy with it. I was able to do a lot of things I often did with my iPad but something was definitely missing and I can't seem to put my finger on it.
Then the iPod Touch came. It obviously needs Wifi in order to be more useful to me and that's where the Desire's Froyo came in: its built-in Wifi hotspot function has virtually gave me an iPad replacement. Using the iPod Touch + Desire combo, I was able to be online whenever I need to. The iPod Touch's superior browser (Safari) is more useful (at least for me) than what was in the Desire and I was back to playing my social games (We Rule, We Farm, We City, etc.). Little apps like PingChat, Notesy, Read it Later and DropBox makes this an outstanding (and temporary) little iPad replacement.

The iPod Touch is no iPad but for now, it has been providing me with the functionality + fun factor in such a way that I no longer miss my iPad as much -- that is until the iPad becomes locally available in a few day's time -- according to rumors Dec. 16, 2010.

But until that time comes, these two gadgets are a contant companion providing me with the functionality and fun factor I used to get with my lost iPad.

Tuesday, November 30, 2010

Quickie Note: Zuma Blitz on Facebook!


After the hit Facebook game Bejeweled Blitz, comes ZUMA Blitz! Apart from Bejeweled, Zuma is one of my favorite casual games and it has saved my sanity from boredom countless of times. I was lucky enough to be able to access their "exclusive beta" and all I can say is WOW!

The Facebook version of Zuma is really good and I foresee a lot of people "wasting" countless hours controlling The Frog.

Thursday, November 25, 2010

Eliminate the Firesheep Threat with Blacksheep


A few weeks ago, the security community was rocked with the news of the release of a Firefox plugin called "Firesheep". FireSheep, once plugged-in to Firefox, is capable of hijacking sessions of users within a network. It raised a big concern because everyone who uses Facebook, Twitter, Gmail, Yahoo Mail and other web services are fair game if they access their accounts on a "free" and unsecured Wifi hotspot.
In order to minimize the threat posed by Firesheep, security experts recommends the use of other Firefox plug-ins that forces SSL connection to those web services. That holds true up until now. By making sure that there is a secure session between your browser and your favorite web service, Firesheep should not be able to hijack your accounts. Another way to mitigate the threat posed by Firesheep, one may also use a VPN service to make sure that ALL web traffic to and from your computer is encrypted.

But if you want to take things further, you can also install a plug-in called Blacksheep. Blacksheep, like Firesheep is also a Firefox plug-in but instead of hijaking accounts on the network, it detects the presence of Firesheep -- making the user aware that there is a "bad guy" in the vicinity that is trying to do something nasty to other users in the network. Blacksheep, however, can not be installed if Firesheep is already installed because these two plug-ins share a lot of common codes.

Let me just reiterate this: Blacksheep will NOT protect its users from session hijacking done using Firesheep. It will only help users know if someone is doing session hijacking on a network. In order to protect yourselves from the threat posed by Firesheep (and other similar exploits), it is still best to make sure that your web surfing session is secured either by SSL or by using a VPN.

Tuesday, November 23, 2010

UPDATED: Prey: Track Lost/Stolen Gadgets

Ok, I admit. I lost gadgets due to theft. The last incident was especially painful to me because thieves were able to run off with the following devices: An Asus laptop, an iPad and a Blackberry.


I find the incident ironic because a few hours before the theft, I read about Prey, a free web-based service that tracks lost gadgets (laptops, phones, etc.) and I wasn't able to install it on my gadgets immediately. However, after getting replacements for most of the lost gear, I now have Prey installed on my new laptop (a Samsung R220) and my cellphone (HTC Desire).

Using Prey is quite simple. Register a free account at the Prey Project website, then install the Prey agents on your devices. And that's that! Once your gear gets lost of stolen, it is just a matter of logging on to the Prey website and flagging your device as "lost". Once you've flagged it as lost, you can do the following:
  • Detect all active network connections (be it wired, wireless, etc.)
  • Detect the name of nearby Wifi hotspots
  • Detect the general location of the device
  • Get screenshot of the current desktop (laptop only)
  • Get list of running programs (laptop only)
  • Capture image from the webcam (laptop only)
  • Change the wallpaper and inform the current user that the device he/she is using is stolen/lost
  • Make the device sound an alarm
  • Lockdown the system until the Prey password is entered (laptop only)
I already tested Prey on my laptop and it works as advertised. I am still having trouble activating it on my Android phone but I'm sure I can work it out in time.

Prey is compatible with Windows, Mac, Linux and Android. Support for other phone OS (iOS and presumably Symbian) is said to be in development.

UPDATE: Activating Prey on an Android phone turns out to be easy! Just text in your SMS Activation Message as it is shown on Prey's control console on the phone (if the message is shown in ALL CAPS, send the SMS as ALL CAPS too) and it Prey will "do its magic".

Saturday, November 20, 2010

UPDATED: The Power Bar - Extending My HTC Desire's Battery

A few weeks ago, I decided to jump the Blackberry ship and switch to Android. Upon the recommendation of the "geek-who-must-not-be-named", I decided to get an HTC Desire. The Desire is a feature-packed and slick phone (review to follow) but it has one major weakness, its battery life.
In order to maximize the power of the HTC Desire, I decided to try out CDRKing's Powerbar. Accordint to the website:
• Meet an emergency when you go outside or in a trip, and the power off, you can charge your mobile phone with the portable Lithium-ion Polymer battery.
• Convenient whenever and wherever you are, you can charge your mobile phone in time, and you could talk with others while charging.
• High-efficiency charging 2.5 hours, the battery could transfer the energy to your mobile phone for at least 3 times.
• Environmental-protection it can be recycled.
• Modern and portable modern design, small size, convenient to take it with you.
• High-security, no explosion
The Powerbar can be charged any spare USB port of a computer and it can also be charged using an AC USB adaptor. It comes with several "tips" that fits different cellphone make and models. Unfortunately, it does not come with a tip that fits the HTC Desire. Good thing I can use the USB cable that came with the Desire. The Powerbar is encased in a plastic case with a rubbery feel and feels rather light.

I tested the Powerbar and it is capable of charging my phone from 50% to 100% in approximately 20 minutes. When I checked the Powerbar itself, it still have some juice left over.

All in all, I think the Php 880 I payed for it is well worth the money. It works as advertised and it gives me the peace of mind that I won't run out of juice while out on the road.

UPDATE:
Just for kicks, I purposely semi-drained my HTC Desire down to 29% battery capacity and tried to see how much juice the Power Bar will give it. So I plugged the Power Bar to the phone and it charged the Desire. After approximately 2 hours, my HTC Desire battery level went up to 69% capacity. Now given that I charged the Power Bar last week and I never charged it in between, and it gave my phone 40% of its capacity after a 2 hour charging time, I guess the money I paid for it is really worth it.

Friday, November 19, 2010

Shameless Plug

My friends (fellow geeks) has started up a website called Technoodling. I am proud to say that I know most of its writers and it features (mostly) the local technology scene. Take time to visit them and if you like the contents of this blog, I'm sure you'll love the contents of Technoodling.

Technoodling.net: Scouring the Philippines for the latest gadgets and electronic toy that has the Filipinos in its throes, Technoodling will act as your appetizer, main course and dessert for all your gadgetry cravings.

About this blog

From Talkin' Tech, I decided to re-re-re-invent (that's re-invention three times over) myself. Back when I was active in my other blog, I was a big Apple fan but as the years went by, things has changed so much that I stopped being locked in to any specific technology. I still love Apple but since I work in a predominantly Windows-based workplace, I can't simply ignore Microsoft Technology.

At present, I have Apple products (iOS devices and an on-going experiment to run OSX on a netbook), a Linux netbook, a Windows 7 laptop, and an Android phone. If that's not "platform agnostic" enough, my day job involves working with Windows Servers, Linux, IBM Websphere, TANDEM and to some extent, IBM z/OS.

I will mostly write about personal review of gadgets I encounter, applications for the various platforms I use, technology that catches my eyes, and the occasional information security alerts, Information Security being close to my heart because it currently brings food to my table.

As always, I hope I find enough time to keep this blog alive with personal insights on the various technologies I work with.