Scriblings Of A GEEK

Introduction to PHP

2007-10-28T11:28:00.001+05:30

Hello,while reading on php came across this link..http://www.onlamp.com/pub/a/php/2001/02/22/php_foundations.htmland the pointer on this site http://www.onlamp.com/pub/ct/29 is a good collectionMay be you will would like to check them.ThanksVarun

Singapore and Taipei go WiFi

2006-12-04T21:22:00.000+05:30

Singapore and Taipei governments have started to build a complete WiFi coverage for the entire city with Singapore offering a free 512 Kbps to all users.Man why cant we have this in India.When would the government wake up to the era of internet.Am i too aggressive, whats do my reader feel.Nitin !!!!

I am blogging again :)

2006-10-15T21:37:00.000+05:30

This is to all my readers that have not seen any update on the Blog since a year ...... yes i have been too overloaded with work and i have been promising myself to return to blogging but i keep breaking it.Now with this first post i am promising to return to blogging with atleast 2 posts a week.i am goona write more in network and network security which is what i have been doing day in and day

IQARA going from bad to worse in my area (Navi Mumbai)

2006-03-31T23:22:00.000+05:30

Hey guys ..... and all my friendsAs usual sorry for not posting since long but my work eats into all my time, but being a network engineer i could help pointing out IQARA in Mumbai (Bombay) has been going from bad to worse these days.I haven't been able to download mails (>300 KB) from home and my mail server is just 50 ms away from my home connection. trying to do some analysis with traceroute

Geek Falls In Love

2005-11-15T23:06:00.000+05:30

A geek in love would write some kind of poetry below :roses are #FF0000 violets are #0000FF all my base are belong to you ThinkGeek has put it on a tee shown below.Looks great to me what say ??Nitin :)

Life and a Can of Beer...

2005-11-15T20:06:00.000+05:30

Found a Nice one while reading .... would term is as IMPORTANT things in lifeWhen things in your life seem almost too much to handle, when 24 hours in aday are not enough, remember the mayonnaise jar........and the beer.A professor stood before his philosophy class and had some items in front ofhim. When the class began, wordlessly, he picked up a very large and emptymayonnaise jar and proceeded

Upgrading to bind 9.3.1

2005-10-26T14:32:00.000+05:30

This tutorial specially is for My friend Nikhil and my bro Abhinav.You just need to follow it step by and i have tried to comment everything which might need an explanation, if anyone feels i have left out anything please comment on it. It works fine on Redhat servers, think shld work on other versions too :)cd /usr/local# Downloading Bind ( you can check isc.org incase the ftp link does not work

Happy 10th anniversary to Cisco and PIX

2005-10-24T22:31:00.000+05:30

PIX stood for Private Internet Exchangeand was one of Cisco's first purchases on Oct 27, 1995. Cisco bought over PIX from Network Translation, Inc. (NTI), a networking manufacturer of cost-effective, low maintenance network address translation (NAT) and Internet firewall equipment.You can access the complete story from the cisco website here.As an added feature, I have added some scans of the

Like Google Desktop Search .... wanna get something similar on Linux

2005-10-24T10:30:00.000+05:30

Well Here is an appln that does almost the similar purpose as Windows application Google Desktop Search and the Mac OSX utility Spotlight. It is called KAT . It has a slew of supported file types including PDF and OpenOffice files.I am yet to try it out on my test machine at home but by what i read from the site looks exiting.You can read more on the KAT environment at kat.mandriva.comNitin :)

Hey Nikhil Welcome to blogging dude

2005-10-24T00:58:00.000+05:30

As i mentioned in my previos post bout Nikhil Parva, the most gentleman in our group, hes started writing a blog after me pestering him all the more about it :pA lill back ground bout him. He is the IT manager of a big time shipping company in India and it is really awsome to see him saving money for the company from all the corners.You can read his blog here.Below is an expert from his first

Yahoo! and MSN to partner on IM

2005-10-17T11:51:00.000+05:30

Group hug! Friends on Yahoo! and MSN can soon share instant messages.That is what Yahoo! is terming it as.Now with this what they say is that you can share your IM friend over clients. You can refer to it over here.Nitin :)

Loong time no posts

2005-10-15T14:48:00.000+05:30

Hey friends ..... yups it has been long time since there was no post .... i was kinda bored from writing ..... The good news is that one of my college friends Varun Agrawal has joined a web hosting company as a senior sysad and wants to start writing and mebe co-author this blog. Mebe this gets to start putting more posts.Till then take care and live goodNitinPS : Nikhil Parva (the most gentle

Microsoft Windows server with a vulnerable IIS5 installation

2005-07-19T13:32:00.000+05:30

Nice One with Whoppix.The author has provided you with an "over the shoulder" view of locating, probing, penetrating and 0wning a Microsoft Windows server with a vulnerable IIS5 installation.Highly recommended viewing. You'll get a nice idea of how useful the Knoppix-style distributions are and how powerful some of the tools are.You can see the video hereNitin :)

City of Vienna Chooses Linux

2005-07-06T16:43:00.000+05:30

(via Slashdot) Bill Kendrick writes "Back in January, ZDNet reported that the city of Vienna, Austria was looking to move at least a portion of its desktops to Linux. Well, it looks like it happened (in German; use the fish). Their official distro is based on Debian with KDE, and is called WEINUX." Source /.Nitin :)

PHP Blogging Apps Vulnerable to XML-RPC Exploits

2005-07-06T16:34:00.000+05:30

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.The flaw affects the XML-RPC function, which has many uses in

FreeBSD Tip

2005-07-06T15:39:00.000+05:30

After a long time putting up a FreeBSD tip :How to write protect important file (even root can NOT modify/delete it)If you have some internal application developed to manage the users and other stuff. However some admin still some time make changes /etc/passwd or /etc/master.passwd via sudo. Then the idea of file write protection comes. I suggested to use them chflags.This kind of write

Superimposing Google Satellite and Map images

2005-07-06T15:24:00.000+05:30

Surprising the maps are so inaccurate - I think it has something to do with Googles rendering, which sacrifices accuracy for pretty looking pictures.You can view it here.Nitin :)

Penetration Testing Tools

2005-07-04T11:53:00.000+05:30

I have been doing a lot of reading on penetration testing on Wireless networks and cracking WEP. I have found one of the best toolkits/Knoppix cd is Whoppix. It has everything you need to perform basic and some advanced penetration testing on a network. Their site also has some pretty interesting videos, for example how to crack WEP in under ten minutes.The other good one to be named here is

LOVE YOUR JOB BUT NEVER FALL IN LOVE WITH YOUR COMPANY !!!! ....

2005-07-03T20:22:00.000+05:30

Mr. Narayana Murthy is undoubtedly one of the most famous persons from Karnataka.He is known not just for building the biggest IT empire in India but also for his simplicity.Almost every important dignitary visits Infosys campus.This is interesting... A MUST READ for people doing Over-Time (OT) out there...An interesting speech delivered by a CEO of a premier IT company ofIndia during an employee

Too Cool

2005-04-07T14:06:00.000+05:30

What i am putting now may not sound too cool to al lot of ppl but i have almost configured remote access for my site.There are not of techniques like using the netscreen firewall and others but i am using the cheaper way to use the AUX port of one of my leased line routers.Will be putting a small how-to on what i did in a few hours, till then have a great day.Nitin :)

How the Best Path Algorithm Works in BGP-4

2005-04-04T13:36:00.000+05:30

BGP assigns the first valid path as the current best path. It then compares the best path with the next path inlist, until it reaches the end of the list of valid paths. The following is a list of rules used to determine the bestpath.Prefer the path with the highest WEIGHT.Note: WEIGHT is a Cisco-specific parameter, local to the router on which it's configured.1.Prefer the path with the highest

Command line BitTorrent client for Linux

2005-03-22T10:43:00.000+05:30

According to this post at Yahoo News " A third of all traffic on the internet is .torrent orignated ". How much of that legit content sharing / distribution ??BitTorrent released a command line based client for Linux and it works well with python 2.4 and it is really useful if you wanna download a file remotely via a ssh session.You can download python based linux Command line BitTorrent from

Fedora, is the fastest growing Linux distribution in the web server survey

2005-03-17T16:24:00.000+05:30

Fedora, the community-driven Linux distribution started by RedHat, is the fastest growing Linux distribution in the web server survey. Based on distribution names contained in the server banner, Fedora has outpaced all its rivals over the last six months, growing fastest both in absolute numbers and in relative terms.RedHat's strategy of reserving the RedHat brand for its commercial offerings,

GRE Tunelling and clrearing the DF bit

2005-03-17T15:08:00.000+05:30

A question sometimes is Why Can't I Browse the Internet when Using a GRE Tunnel?Sometimes when traffic goes through a generic routing encapsulation (GRE) tunnel, you can successfully use the ping command and Telnet, but you cannot download Internet pages or transfer files using File Transfer Protocol (FTP). This document explains a common reason for this problem, and offers several

What security breach could cost you your job?

2005-03-17T14:48:00.000+05:30

Worth Reading on the current security scneriao.Virus? Spyware? Loss of sensitive data... what's going to get you a P45 the quickest? IT bosses are fearful of losing their jobs in the event of a security breach – despite a survey on silicon.com today which would appear to show they have little grasp on the threats their companies are facing. Top fear and the fastest route to a P45 is an internet

Some of the IE 7 Features

2005-03-17T10:45:00.000+05:30

The features he listed are below.it's likely be a tabbed browser - real tabs! international domain name (IDN) support Portable Network Graphics (PNG) support, which will allow for the display of overlayed images in the browser simplified printing from inside IE 7.0 likely to include a built-in news aggregator (read RSS aggregator) reduced privilege mode will be the default no cross-domain

Fedora Core 4 Test 1 has been released

2005-03-16T10:59:00.000+05:30

Fedora Core 4 Test 1 has been released. This release comes with prereleases of GNOME 2.10, KDE 3.4, OpenOffice.org 2 as well the latest server software like MySQL 4.1.10 and PHP 5.0.3. Notable features of FC4test1 include:gcc 4.0 as the primary system compiler GNOME 2.10.0 Beta 2 includedThe Eclipse IDE included along with some featured pluginsA solid foundation of Java packages for developers (

How Miscommunication Takes Place in Office

2005-03-11T10:38:00.000+05:30

I picked it up via kiruba.com.A nice PIC on how Miscommunication Takes Place in Office.Worth a reading for sure

Wildcard DNS + Phishing = Convincing Bait URLs built

2005-03-09T14:57:00.000+05:30

Netcraft.com has a great article that discusses tricks that phishing scumbags use to create their latest rounds of deceptive emails.The trick described in this article combines wildcard dns, encoded URLs (surprise!) and the typical combination of HTML emails and authentic-looking websites.Some of the URLs function only in selected browsers. For example, the URLs using the pipe character will

Hey All Wishing you all a Happy Maha Shivratri

2005-03-08T18:42:00.000+05:30

Hey Friends to all who may be wondering why did i stop posting well it was no blog nostagalia as ppl might say but i have decided to get back to part time studying to increase my professional knowledge. Well I am doing my CCIP and about to give my BGP paper.Well Happy Maha Shivratri to all My Indian readers.Will soon be posting a lot on BGP i mean i am not an expert at it but would post tips and

Coming Very Soon Internet Explorer 7.0

2005-02-16T23:08:00.000+05:30

Microsoft Chairman Bill Gates announced the release of IE 7 (Beta) by Summer. It will be secure and less succeptible to Spywares is what the Big Software giant says. Whatever but i guess it will be worth a shot.Here is an extract from the story on yahoo! news which can be accessed via hereVersion 7.0 of IE will work on systems running Windows XP (news - web sites) Service Pack 2, and will be

Tools & Traps…Do Not Run Configure or Make as Root

2005-02-14T16:01:00.000+05:30

This is specially to my people who are Sys admin and who have a bad habbit which i too had compile programs while logged in as root.Here is an example of how a smart hacker used this to exploit systems :You may have noticed that the process shown for compiling Nessus doesnt run either configure or make as the root user. An important concept in security is the principle of Least Privilege, which

Configuring Dynamic DNS in Redhat Linux 8/9 OR A small How-to on DDNS

2005-02-06T16:54:00.000+05:30

Hey to All on a Lazy Sunday AfterNoon, Just before i hit out on the roads with my friends , lemme write something useful and as i promised last time i would be writting on Dynamic DNS services and it is very easy to configure as easy as it is on Windows Server. WIth the Dynamic DNS service you can update the name for windows clients ... and the advantages are many fold. Starting below is how

Hey to All from a to be Engineer

2005-02-06T14:33:00.000+05:30

Hey Friends ,Dunn be shocked this is the same Nitin and i finished my Engineering 2 yrs back, my cousin Abhinav Sethi from Pune (BVPCoe) Bharti VidyaPeeth College of Engineering has come over for the weekend and was telling me all his final year escapades. It was fun to hear his escapades as i did a lot more during my engineering days.So just struck me to ask him to put it in his own words and he

Linux just isn't user-friendly when it comes to viruses. You have to work to find and run them

2005-02-04T15:35:00.000+05:30

Running Windows viruses with WineA nice article on the newsforge website on trying out below mentioned Windows Virii in WineThe Viruses tested are : KlezMyDoomSobigSCOSomeFoolYou can read more on it and check out the resultshereNitin

Amazing advertisement which features Gandhi

2005-02-04T14:42:00.000+05:30

Amazing advertisement which features Gandhi by an Italian telecom company. View the ad.Nitin

Crowt-A worm or virus whatever you call it

2005-01-28T10:52:00.000+05:30

Crowt-A worm has used a cool social engineering technique to get into ppl's machines and the way it happens with Win machines This just in! Your windows box is mine!Crowt-A's subject line and attachment share the same name, but continually change to mirror the front-page headline on CNN's website. The message text is also lifted from CNN as part of a social engineering technique designed to trick

vgpd aka Virtual Gateway Protocol Daemon

2005-01-17T13:57:00.000+05:30

Found a application similar to HSRP on Linux by Marco Tizzoni and does HSRP Kinda stuff on Linux It is called the Virtual Gateway Protocol Daemon I have tired it out and has the same features as HSRP but remmeber it is not compatible with HSRP The best part about this application is that it puts log entries with the default log deamon which is syslogd on most systems. You can access this

HSRP Exploit : Continuing on with my previous posts on HSRP

2005-01-16T21:32:00.000+05:30

Hey ALL on a Sunday evening, Many of us have implemented HSRP in our network if we have a an all Cisco devices which is enerally the case in India. Just though about mentioning a HSRP hack , a very old one though. Before i go on in case u wanna know more on HSRP and how to configure it you can go to my previous posts Linux and HSRP or call it LINUX HSRP and it links to all the previous posts too

RAM with an LED ticker

2005-01-15T14:54:00.000+05:30

Corsair has shipped a RAM stick with a mini-LED pixelboard built into it. It's intended to show the temperature of the RAM, but you can also customize it to display your own messages in a continuous scrolling ticker that splashes unread messages in red light on the inside of your case. Better yet, you can use Corsair's Memory Dashboard to program the memory to display your own personalized

Fault in Linux Kernel 2.4 => 2.4.29-rc2, 2.6 => 2.6.10

2005-01-08T19:28:00.000+05:30

According to Paul Starzetz, there is a nasty privilege escalation bug in the linux kernel where unprivileged local users can gain elevated (root!) privileges. Picked from the Article : Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Eeek Paul further describes the level of this vulnerability: We

Netcraft Anti-Phishing Toolbar

2005-01-05T15:56:00.000+05:30

The Netcraft Toolbar uses Netcraft's enormous databases of web site information to show you all the attributes of each site you visit on the Web, including the sites' hosting location, country, longevity and popularity. This is good for the exact reason the site mentions, clear display of sites' hosting location at all times helps you validate fraudulent urls (e.g. the main online banking site of

How To Speed Up Firefox

2004-12-27T13:00:00.000+05:30

Happy Christmas to ALL.My friend gaurav pointed me to a blog putting tweaks to speed up firefox and it really works. The tweaks are as below :1.Type about:config into the address bar and hit return. Scroll down and look for the following entries:"network.http.pipelining""network.http.proxy.pipelining""network.http.pipelining.maxrequests"Normally the browser will make one request to a web page at

Linux and HSRP or call it LINUX HSRP

2004-12-17T11:16:00.000+05:30

Well a hello to all after a long time.I have been getting a lot of hits from google and yahoo for the keywords linux hsrp and leading to a post on HSRP on Cisco router.HSRP is a Cisco properitory protocol and so cannot be implemented on linux.But the same idea can be achieved through VRRP (Virtual Router redundancy Protocol) which is described in RFC 2338.VRRP is also used used when you have

Students uncover dozens of Unix software flaws

2004-12-16T16:52:00.000+05:30

Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online.The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate level

Employer Says No To Blogging - Blogger Quits Job

2004-12-11T14:16:00.000+05:30

As put on http://www.corporateblogging.info/Here in Sweden there's a lot of discussion today about Johnny Munkhammars blog (most links in this post in Swedish).It's a personal blog, but his employer The Confederation of Swedish Enterprise thinks it's a bad idea anyway. They believe his personal views could be mistaken for the organization's.You can read the compolete post here.Hope my employer

Solaris Network Cache and Accelerator

2004-12-07T10:57:00.000+05:30

Just came across Solaris Network Cache and Accelerator. From what i read it looks the same way that squid would run for a local http server.Solaris NCA ArchitectureSolaris NCA consists of the following components:Solaris NCA technology-enabled Web server: httpdKernel module: ncakmodThe kernel module ncakmod maintains the cache of Web pages in system memory. It also communicates with a Web server,

Microsoft Windows Update Services Public Beta Available now

2004-12-06T16:38:00.000+05:30

Hi All,The long awaited Microsoft patch management replacement for SUS is finally in public Beta and provides some much required features.Patch management is one of the hottest topics today.Microsoft provided SUS v.1 which was a sort of corporate Windows Update, configurable using Group Policy or the registry. The first release was a bit buggy and was soon updated. However the tool is still a bit

Spam Sites Crippled by Lycos Screensaver DDoS

2004-12-05T19:03:00.000+05:30

Just posting an update on the Lycos Screen Saver Make Love not Spam but a lill late , it seemed to taken down a few websites and the makelovenotspam.com website was blocked by some backbone carriers as reported by Netcraft.Just to update you that lycos has stopped the downloads as it came under servere criticism from various partners and security agencies.Just posting a extract from the netcraft

New addition to the Blog - comments and trackbacks by HaloScan

2004-12-05T18:46:00.000+05:30

Just added the trackback and comments functionality to the blog using HaloScan.com .So now you would see 2 links to comments , one is the original one from blogger.com and the other is the new one that comes with HaloScan.com. Just with some time as i gain more confidence on the HaloScan.com system will remove the blogger.com comments.Till then pls bear with me cause i need to use the RPC enabled

UK's finger print was offline

2004-12-05T10:49:00.000+05:30

A lill stale news but just came across it and thought it was worth mentioning.If you were a member of law enforcement in the UK recently and you wanted to verify a suspect's paw prints, you were out of luck. The entire finger print system was offline!The article explains:All 43 forces in England and Wales, including London's Metropolitan Police, wereaffected by a software bug, which disrupted

All Symbian 60 phone owners keep a watch on your bluetooth activity

2004-12-01T18:07:00.000+05:30

I have switched off the bluetooth on my symbian 60 series phone after reading on the outbreak of the virus Skulls.B though there have rarely been cases of the virus in India.Mobile phones running Symbian Ltd.'s Series 60 operating system are the target of a new strain of the Skulls Trojan horse program. The new Trojan comes with the Cabir.B worm, which, unlike the first version of the virus, can

A venture by Lycos to prevent spam

2004-12-01T13:30:00.000+05:30

I would call it the attack the attacker strategy and sometimes it works well when you need to defend yourself.Net users are getting the chance to fight back against spam websites Internet portal Lycos has made a screensaver that endlessly requests data from sites that sell the goods and services mentioned in spam e-mail. Lycos hopes it will make the monthly bandwidth bills of spammers soar by

What's the difference between HSRP and VRRP?

2004-12-01T11:59:00.000+05:30

In short, the answer is "Not much!" (By the way, both are even worth the same amount of points in Scrabble.) HSRP (Hot Standby Router Protocol) is a Cisco method of router redundancy. VRRP (Virtual Router Redundancy Protocol) is an industry standard that operates on multiple vendors' routers. VRRP is spelled out in RFC 2338, which notes VRRP's similarity to both Cisco's HSRP and to DEC's IPSTB

Tracking down Spyware Spreaders;)

2004-11-29T22:08:00.000+05:30

In a very fascinating article, this author provides a video (wmv format - ick) of live spyware installations through IE/Windows. The author reveals some interesting facts like pay-per-install rates and suggests a way of tracking these people down. Yes, the author says that IE/WindowsXP-SP2 isn't vulnerable to what he's showing... provided the user is using all the security features. And, of

This is what happens when put a machine open in the internet

2004-11-29T01:31:00.000+05:30

Hey All ,Just before i hit the sacks on a Sunday night aaha lemme call it MOnday morning , this is what i founf when i put a machine open on the internet which no DNS entry and ping blocked to the IP.Luckily i have snort IDS running on the machine and the stats amaze me whenever i get back to them , believe me thats what i can say.Now for testing purposes i am planning to set up honey pot and

Believe it or not

2004-11-29T00:13:00.000+05:30

Just checking up a little on the snort finding its amazing.The most no. of attacks around 100 in the past some hrs for a IP block for which ping is also blocked.This is for MS SQL security hole in which the virus or the worm targets port 1434 but it is a UDP port. But this a Redhat Linux server so no worries :D.You can find the bug here at nessus[cve][icat][bugtraq][snort] MS-SQL version

ACID (Analysis console for intrusion detection) Read ON

2004-11-26T18:50:00.000+05:30

I had just opened the firewall to pass everthing and this is the output i get in 5 mins.If the pic below does not display properly you can do so by clicking herecheck the pic below : Finally snort is up and running fully and planning to put in another LAN card to detect my local network virus activity.The only thing left is to get the GD library works which gives me a tough time alwayz.More

Cyrus IMAP Server multiple remote vulnerabilities

2004-11-26T09:55:00.000+05:30

Multiple venurabilities have been found in the Cyrus IMAP server.Fot those who dunn know what is the Cyrus IMAP server a lill into on it below :IMAP (Internet Message Access Protocol) is an Internet standards- track protocol for accessing messages (mail, bboards, news, etc). The Cyrus IMAP server differs from other IMAP server implementations in that it is generally intended to be run on sealed

What am i posting so late in the night

2004-11-26T00:02:00.000+05:30

Well been busy with studies ( For those who dunn know i am doing my CCNP :) )I am also setting up snort an IDS and believe me the results are amazing.Just posting a snip from the logs below. I have changed the ip address to hide identity .[**] [1:2003:8] MS-SQL Worm propagation attempt [**][Classification: Misc Attack] [Priority: 2] 11/25-11:10:26.653596 W.X.Y.Z:4020 -> A.B.C.D:1434UDP TTL:112

Memtest86 - A Stand-alone Memory Diagnostic

2004-11-24T12:01:00.000+05:30

Found a cool tool to test the memory.Memtest86 is thorough, stand alone memory test for x86 architecture computers. BIOS based memory tests are a quick, cursory check and often miss many of the failures that are detected by Memtest86. Memtest86 is released under the terms of the Gnu Public License (GPL). Other than the provisions of the GNU public licence (GPL) there are no restrictions for use,

Visa scammers hit UK phones

2004-11-24T10:07:00.000+05:30

This is how bloody social engineers exploit the knowledge gap among the ppl who do not understand the niti grities of how the credit card works.Read an extract from the securityfocus website.Credit card fraudsters are trying to fleece UK punters by tricking them into revealing card security information over the phone. The fraudsters, posing as representatives of Visa, are already is possession of

zdnet reviews 7 tool bars from 7 search engines

2004-11-23T14:59:00.000+05:30

I completly agree to what they have to say as stated below : If you're still going to the Google or Yahoo home page to do Web searches, you're missing half the fun--and you're unnecessarily exerting your fingers. Toolbar plug-ins for Microsoft Internet Explorer--and now Firefox--make it easy and fast to look up Web references without having to type in another URL. You can read the full report on

Going further with the DNS installation

2004-11-22T21:32:00.000+05:30

Windows InstallationThe windows installation is pretty simple.For one reason or another you insist to run BIND on windows. Well that's perfectly acceptable! Download the BIND executeable linked from the previous post and install it to the default directory.Under Windows XP, %WINDIR% is 'C:\WINDOWS'Under Windows NT/2K/2K3, %WINDIR% is 'C:\WINNT'%WINDIR%\SYSTEM32\dns\binIn this directory you have

DNS server how-to and what servers are available

2004-11-22T20:23:00.000+05:30

Just before i post on how to do the mail setups here what a lot of ppl have been asking me on a how-to on DNS server setup.A lagre part of the tuto is picked up from silent rage i am too lazy to wirte ;).We all have heard on bind being the most popular DNS server called bind, we'll lately for testing i have implemeted it on my machine :)ok so lets go on with the theroy as usual to begin with :

Hey all Just found a new editor to post at blogger.com

2004-11-22T20:07:00.000+05:30

It can publish for a number of sites and can be found here A lill what the author says about it Post and Publish on Blogger, b2, MovableType, Nucleus, BigBlogTool, BlogWorks XML Blogalia, Drupal, Xoops, E-Xoops, Upsaid, PostNuke, TheBlog, Blog-City, blojsom, Roller Weblogger, Domino, LiveJournal, EraBlog.NET, pMachine, TypePad and YACS blogs» Edit Posts and Templates» Save

Samba Venurability

2004-11-15T11:23:00.000+05:30

Happy Diwali to all My readers once again. All of us are using samba or mebe tried it some time or the other. A venurability was pointed out by iDEFENSE to samba. The attacker could cause high CPU loads (processing) causing a denial of service to the users. The affected versions are Samba 3.0.x <= 3.0.7. Developers at samba suggest to upgrade to the latest version ASAP and to those who cannot

Continuing my own tests on the prev posts

2004-11-13T13:10:00.000+05:30

Just out of curosity on search for 'more evil than Satan' on msn.com or msn.co.uk i did not find a single search result pointing to google. Well what do you ppl say is the tweak in code rectified or it was never there. Just a more detialed read at the vnunet.com article found a screen shot to display the same , looks like the folks are smart there :D The image can be seen at vnunet website by

MSN search brands Google more evil than Satan

2004-11-13T11:58:00.000+05:30

Found this nice article while reading the news on vnunet. The beta version of MSN's search tool has sparked controversy less than a week after its launch when sharp-eyed users noticed that a search for 'more evil than Satan' brings back Google's homepage as the top match. Duncan Parry, creative director at positiondriver.co.uk, a firm which specialises in helping business customers optimise

Ten SP2 flaws leave XP users open to hackers

2004-11-13T11:43:00.000+05:30

Yipes Microsoft XP SP2 has some flaws too . Microsoft Surely is gonna come out with patches for it. Security researchers claimed today that millions of Microsoft customers are at risk from 10 serious security vulnerabilities uncovered in Windows XP patched with Service Pack 2 (SP2). By exploiting all the vulnerabilities discovered in SP2 by security firm Finjan, attackers could "silently and

Happy Diwali

2004-11-12T11:48:00.000+05:30

Happy Diwali to all my freinds , fella bloggers and all the ppl who hit the site ;) For those not from India , Diwali is one of the biggest festivals in India also know as the festival of lights and crackers for the kids. A breif on the diwali celebration in India can be read here and some significance on Diwali here. Nitin :-).

What kind of blogger are you?

2004-11-12T11:43:00.000+05:30

Want to find out? Take this simple Quiz. I liked it. I was stated as a Link Blogger. Now whatever that means! :D Below are the results for those who wanna take a shot at the test ;). You Are a Link Blogger! Your blog is more about cool links than thougtful posts. Better to be entertaining and breif than longwinded and boring! What kind of blogger are you?

Sir Andrew Tanenbaum

2004-11-09T22:47:00.000+05:30

I guess all of us the so called techies have grown up reading some book or the other by rightfully called Sir Andrew Tanenbaum. In fact i had read his books on OS and Computer networks during my college days which got my basics cleared. To those who have not heard of him (Grrrrr) heres his small intro Andrew Tanenbaum, the author of the Minix microkernel. Minix was used by Linus Torvalds

Google sites plagued by phishing opportunities

2004-11-09T22:39:00.000+05:30

A young Italian computer scientist has discovered another phishing opportunity on one of Google's web sites. This bug affects the googlesyndication.com domain, which Google use to serve their text and image based adverts. The discovery comes only days after a similar bug was found with the Google Desktop search tool. As Google spread their technology over a greater number of application areas,

Coming soon the DNS architecture for mailing system

2004-11-09T20:05:00.000+05:30

Will be posting on the DNS setup for mails and much more as time permits in my Diwali Vacations. :) Till then work easy and work Smart Nitin sed 's/e/a/g' my-grammer

FireFox 1.0 Released Finally

2004-11-09T19:47:00.000+05:30

Hey Folks, November 9 has arrived and with it comes Firefox 1.0. According to its home page, Firefox empowers you to browse faster, more safely, and more efficiently than with any other browser. I'm New Here, but this Firefox does sound very promising! I was early to get a preview thanks to the bandwidth at my disposal ;) To all who cannot reach the moxilla website here is a direct link to my

OpenSSL, Groff: Insecure tempfile handling Venurability

2004-11-09T19:38:00.000+05:30

OpenSSL is a part of every Sysad's life. Here is a venurability that Gentoo Linux has published in case you use the Groff util. groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility. OpenSSL is a

How to redirect an HTTP connection to HTTPS for Outlook Web Access clients

2004-11-09T14:44:00.000+05:30

A lot of companies in India or i would say big time corporates use the Microsoft Exchange server for their in-house mail services. The big issue is that when the excutives have to check mail outside the company they are stumped cause they cannot use their Microsoft Outlook as they would generally do so in the Office and the reson for this is the ports are not opened due to security reasons. A

[OT] Microsoft pays $ 536 million to Novell

2004-11-09T13:37:00.000+05:30

Wow this is interesting. In an out of court settlement Redmond based software gaint Microsoft paid Utah based Linux giant Novell USD 536 million to fend off the anti trust case filed by Novell related to Novell's NetWare operating system. Microsoft has been paying big bucks to companies in out of court settlements to shun away those big business tricks they do to kill other competing products.

libxml2 Venurability

2004-11-05T13:30:00.000+05:30

This for my Developer friends. Synopsis libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code. Impact Information Background libxml2 is an XML parsing library written in C. Description Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and

Coming back to setting MX records in DNS for mail server

2004-11-05T13:04:00.000+05:30

A quick look at the MX records for one of the websites say redhat.com redhat guys if you find the info here i cannot post pls dunn feel offended and mail me and i will remove it from here :) C:\WINDOWS\system32>nslookup Server: Mydns.server Address: A.B.C.D > set querytype=MX > redhat.com Server: Mydns.server Address: A.B.C.D Non-authoritative answer: redhat.com MX preference = 10,

Linux cluster companies attract new funds

2004-11-05T11:58:00.000+05:30

Reflecting the growing popularity of Linux clusters for high-performance technical computing, two specialists have garnered new investments. San Francisco-based Penguin Computing raised $10 million, while Linux Networx in Salt Lake City received a $40 million investment. Both companies will use the funds to develop new technology and expand into new markets, they said in announcements Thursday.

Tweaking the DNS to suit your MTA requirements

2004-11-02T11:04:00.000+05:30

Hi everyone and Good Morning to the ppl living on this part of the world. COuld not post yesterday been a lot busssyyyy. A lot off people ask me whether i have set up sendmail , qmail , Cyrus IMAPD, but no one has got an answer to the question that after i set up any of the following services how would the world or say any other mta in the world know that i have a mail server sitting at IP

Next Series of Posts on MTA's function

2004-11-01T11:39:00.000+05:30

Next series of posts would be on functioning of mta and picking up qmail in detail and then try and slowly move on to antispam etc. My major source of qmail knowledge come form lifewithqmail.com website. The first post should come in by tonight. Till then take care and work smart and easyyyy..... Nitin :-).

Firefox nears final launch and a venurability in the current releases

2004-10-29T14:31:00.000+05:30

A final test version of open-source browser Firefox has been released, giving users a peek at what are expected to be the official features of the free software. The latest test version of Firefox 1.0 fixes about 250 bugs that have been reported since the preview release of the browser earlier this year, according to the Mozilla Foundation. "If all goes well testing these builds, then we're

PuTTY Security Advisory!

2004-10-28T13:51:00.000+05:30

PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The "stringlen" parameter value is incorrectly checked due to signedness issues. Note that this vulnerability is similar to the one described in GLSA 200408-04 but not the same. When PuTTY connects to a server using the SSH2 protocol, an attacker may be able to send specially crafted packets to the client, resulting in the

E-Voting Cos. Reveal Software to National Software Reference Library

2004-10-28T13:40:00.000+05:30

SAN JOSE, Calif. - The nation's largest voting machine companies are submitting millions of lines of code to the National Software Reference Library to address sharp criticism from computer scientists about the secret software used in elections. But executives at the voting machine makers said Tuesday they would not submit their most valuable data - their proprietary source code. And they might

SAP taps HP for software-as-service push

2004-10-27T13:14:00.000+05:30

SAP has stayed on the sidelines of the pay-by-the-month software market, but that may soon change. The German company, which specializes in business-efficiency programs, is getting ready to launch a service similar to those offered by subscription software companies Salesforce.com and RightNow Technologies. SAP plans to discuss on Wednesday the details the initiative, which involves a new

Fake Redhat Security Update Email

2004-10-25T11:49:00.000+05:30

It's been reported that a fake email claiming to be from Redhat has been circulating. The fake message urges Redhat and Fedora users to download and apply a security update from fedora-redhat. Note that the real fedora site is located at http://fedora.redhat.com. The "upgrade" is actually a tarred binary that installs a trojan on the system. Note from redhat regarding this issue: http://

Vulnerability hits Java for cell phones

2004-10-24T14:48:00.000+05:30

Hey Freinds Hope everyones having a lazy Sunday afternoon NO OFFENCES MEAN TO ANY ONE OR ANY COMPANY BY MY POST BELOW Heres what i came across surfing the net about Java Based cell phones . Looks like soon our O2 are going to be bundled with AV software. A lot of ppl are posting exploits on Symbian handsets. I am hot having links handy for the symbian phone but will be posting as soon as i can

Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability

2004-10-23T01:30:00.000+05:30

A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust relationships between method calls that are made in separate Internet Explorer windows. This may make it possible for script code to access properties of a foreign domain or Security Zone.

Gaim Multiple Vulnerabilities

2004-10-23T01:27:00.000+05:30

Many of us have GAIM as their IM GUi using GAIM which i admin is too good but its vendor disclosed a few venurablilites as below : The following specific issues have been disclosed by the vendor: Gaim is reported prone to a remote arbitrary command execution vulnerability during the installation of a smiley theme. The Gaim client is reported prone to a remote heap overflow vulnerability

Sun Solaris LDAP RBAC Local Privilege Escalation Vulnerability

2004-10-23T01:23:00.000+05:30

Sun Solaris is affected by a local privilege escalation vulnerability due to LDAP and RBAC implementation issues. The problem likely presents itself due to a design error. A local attacker may exploit this issue to gain superuser privileges on an affected computer. Sun Solaris 8 and 9 are affected by this. You can read more of it here.

Happy Dussera

2004-10-22T16:35:00.000+05:30

Happy Dussera to my friends and Fellow readers. A big thank you to all for giving me so many mails within a very short span to starting writing the blog. For those who wanna know what Dussera is ?? Dussera is a religious festival celebrated all over India. For more info click here. Neo.

cisco port chanelling / Trunking how-to

2004-10-20T10:58:00.000+05:30

Here's how i channeled 2 ports of a 2950G and 2970G. The hostname is same as the model number. Some theory for thrunking before we proceed ahead. A point-to-point link configured on a single Fast-Ethernet, Gigabit Ethernet, or Fast- or Gigabit EtherChannel bundle and another network device, such as a router or second switch. Trunks transport the packets of multiple VLANs over a single network

HoneyPot

2004-10-20T10:41:00.000+05:30

Honeytokens: The Other Honeypot One of the greatest misconceptions of honeypots is they have to be a computer, some physical resource for the attacker to interact with. While this is the traditional manifestation of honeypots, its not the only one. Take into consideration the definition of the honeypot, as defined by the honeypot mailing list. "A honeypot is an information system resource

Cisco Port Chanelling / Trunking

2004-10-18T23:34:00.000+05:30

Hey to all my readers. Been a wonderful week lots of work done and this time had trunked up a few ports between swiches and switches to balance or sooth up the traffic. Soon writing on how i channeled up ports for a cisco 29XX and 29XX Gig compatible switches. Keep the sugessions flowing and time to hit the sacks. till then Nitin ;)

Apache mod_ssl SSLCipherSuite Access Validation Vulnerability

2004-10-18T23:26:00.000+05:30

Hope every one had a good weekend I am not sure if most of us are aware of this mod_ssl apache venruability. Apache 2.x mod_ssl is reported prone to an access validation vulnerability. This issue presents itself when mod_ssl is configured to be used with the 'SSLCipherSuite' directive. It is reported that this vulnerability allows a client to use any cipher suite allowed by the virtual host

Bug found in phpMyadmin

2004-10-15T01:57:00.000+05:30

This is a notice to all my developer friends . Users of the increasingly popular, open-source MySQL database may be at risk from remote attacks due to a bug in phpMyAdmin, a widely used Web-based MySQL administration tool. On Wednesday the phpMyAdmin project warned of a bug in the way the tool's MIME-based transformation system handles "external" transformations. Attackers could exploit the

A small how-to on how to chroot a user in bash shell

2004-10-12T20:14:00.000+05:30

I know i have been bad in promises but this is now to chroot in bash shell. The first and foremost is that you become the root or else use sudo on each step. A little assumption before i start : juser : username of the user who logs in to the chrooted BASH shell jailed : group the above user belongs to :) 1. Creat a new shell file as /bin/chroot-sh Contents of /bin/chroot-sh are #!/bin