Summer of 2000

The joys of YouTube, bringing back ‘oldies’, jolting back the old nostalgic memories of a good time. One of the best bands ever to come round, and Harriet Wheeler is so terribly sugary sweet. Jamming with jangly guitars, chiming arpeggios, rickenbackers, gibson 335s…what an incredible time I had with friends of old. And it takes me to the days with her (incidentally Harriet looks closely like an asian version of her), someone who’s now living off another continent happily, we were so close yet so far. The many times I resisted holding her hand, or drawing her closer to me. Her sweet scent I would never forget, her smile an imprint forever etched in my mind. Good days past, I wish you well and I’m glad we ended up the way we are now.

That semi-european city in the Southern Hemisphere

A great excuse to take some pictures of the city minus the traditional stuff you’d see on tourism brouchures.

St Paul’s church with a CBD backdrop. The amazing thing about this city is it’s european feel without being too cosmopolitian. Which is a good thing or a bad thing depending on who you are. Personally I do miss the buzz of my home country but Melbourne’s quaint laneways and al fresco cafe culture gives a unique characteristic that I could never find in Sporeland. It does not however have that same iconic feel as some of the larger ‘World Cities’. One of the re-discovered joys that I’ve er..discovered recently, are the existence of these laneways. They harbour an interesting plethora of coffee holes, eateries or even that odd sushi joint. At lunch time, these same lanes are awashed with suits.

The architecture conveys a mixed euro-aussie-american sentiment. Heritage buildings are preserved, with interesting neo-gothic examples here and there.

This particular office building was built right onto an old building front, thus maintaining it’s ‘heritage’ value. It is the site of a multinational accounting firm, and I’ve often found it remarkable how the entire office building rests on the foundations of the old Herald Sun block.

In order to prevent urban sprawl, the CBD is drawn up into a compact grid pattern with the surrounding parks and river making a ‘belt’ around the city. It’s often a great stress relief having to look out into the botanical gardens straight out of the office window, surveying the river’s South Bank and the Eureka Tower.

Naturally, all these photos were taken on nice sunny days. Melbourne is known to have ‘4 seasons in one day’, sunshine one minute and cold rainy bleak weather the next. When that happens, it looks miserable and foggy.

But when the weather’s great like this evening, you’d just feel like getting out on the river for a nice casual stroll.

A reminder to secure access rights to key executables

Time and time again I forget this. And time and time again, I’ve seen cmd32.exe get executed remotely because the administrator has forgotten to only limit executing cmd32.exe to only administrators and not the EVERYONE group.

Netcat listener on the box, command line, call up cmd32.exe -> 0wn3d

It’s not only the command executable though, other stuff you can lock down in Windows System 32 should be locked down to administrator only.

Last thing before I forget, best practice is to only allow Administrators to log on locally. I can imagine letting anyone else log on locally. Everyone else should be confined to a network logon with “Run As” enabled to execute whatever they want to execute.

JC

Jesus is everything, my source of peace, righteousness, strength and favour.

Hebrews 4:16: “Let us therefore come boldly unto the throne of grace, that we may obtain mercy, and find grace to help in time of need”

VMware and Dapper

During the install of vmware in Ubuntu dapper, I found out that the only way to resolve apt-get update rubbish was to delete the line Archive Proxy = “false” in /etc/apt/apt.conf. My best guide for the install was found here

In trying to get linux-kernel-headers, always check kernel version by uname first then do apt-get install linux-kernal-headers . Wonderful isn’t it. VMware on linux requires you to install VMware web console and Console.

OR: Other alternative is this

To get dapper working I had to do the following

http://intr.overt.org/vmware-xorg-7.0/i386/

Copy them two files from that URL to

/usr/lib/xorg/modules/input
/usr/lib/xorg/modules/

Who’s up for a round of Teh Tarek?

There’s a quaint malay stall just up Swanston towards the University selling all manner of Singapore/Malaysian food. Went back two days consecutively, and got the princess to come along for the second time round. Right after dinner, I had the sudden crave to ring my friends for a session of teh tarek and trash talk. It was then that I’d realised I had had no friends to do that with, no one within a 30km radius, let alone a 5000km+ distance.

I must be home sick.

Onion Skinning Web Architecture

In establishing risk and architecting how business logic and data flows are created in a web architecture, one must consider the following: Front end, Business logic, and Back end. I hope I’m not missing anything. The front end is always the end that gets a request from the user and gives back a response. It’s only job is to do basic processing. It should next handover the data to an application server where the business logic should reside, during which all transactions (if required) would talk to a backend database server.

The main idea is to seperate each process into layers. Presentation should always be seperated from business logic and from backend. You can change the presentation without affecting the business logic behind this. That way risk is also managed progressively if things need to be scaled. Anything that talks to the internet should be in the DMZ of course, and these hosts should managed as untrusted hosts completely. You wouldn’t want anything out in the DMZ to have a means to affect the internal hosts..in a bad way of course.

I hope I got this right. Thanks to my friend PK for tirelessly explaining this and putting up with my whimsical questions.

How Great is thy Duck

One of my favourite dishes, something I sorely miss from home. Duck rice! Ever tasty, drapped with sweet dark sauce (I don’t know what it is, but I don’t care), egg, layers of tender duck meat, and topped with rice. I just can’t find any of that here in this part of the world. Oddly duck is an item which I find in most french menus here.

Hacking Platforms – Just a thought

One of the things I’ve noticed recently is the various approaches by which penetration testers conduct ‘attacks’ on networks and platforms. Some choose the noisy way, going in scanners blazing, ping sweeps, loud NMAP scans that light up enough IDS like a Christmas tree. Not many realised that stealthy-ness is the way to go. Unless of course a client pays you to go in the high profile way so that they can test how effective their IDS systems are, or the response time for their analysts to pick up something. Generally I prefer the quiet enumeration way first. Things like:

net view /domain would be sufficient to discover domains

net view /domain:domain_name (where domain_name -> name of discovered domain) would list out machine names in each domain.

Windows of course, I could go on and on, and there’s another bunch of tricks to be used on Unix. Anyway patience is the name of the game when conducting stealthy attacks on platforms. It’s hard to rein in this inner urge to launch metasploit and go for the juiciest fruit in the network.

SPIT

No not the usual spit. Rather SPAM over Internet Telephony. Unfortunately the new age of SPAM has arrived in the form of SPIT. And you thought telemarketers calling you was a bad thing, wait till you get that shiny new VOIP modem and phone connection.

Recently I ‘fortunate’ enough to experience an example of this. You see most new office phones use VOIP nowadays, either CISCO IPTEL or ALCATEL or NORTEL. Anyway the phone rang, picked it up and lo and behold it was the CEO. No I wasn’t that important that he would call me personally, but it was actually a phone recording congratulating the firm on doing well and the usual pep talk.

So the next time you could get some recording on your VOIP phone going “Receding hairline? Tired of not getting that girl of your dreams? Try HairCrack!”. Except you can’t scream at the poor indian/chinese/filipino operator on the other line, you’ll be screaming at a voice recording spammed through your VOIP exchange. And just wait till your voicemail box is filled with SPAM voice mails. More from El Reg:http://www.theregister.co.uk/2005/02/17/spam_gets_vocal_with_voip/