Friday, July 31, 2015

Leaked Zerofox documents outline Baltimore network infrastructure vulnerabilities

Several days ago a document from the corporation Zerofox was leaked on the internet. Zerofox is a domestic spying organization there is no other word for them. They are paid obscene amounts of money to monitor people's Twitter and Facebook accounts, and provide the results of their stalking to police departments and other people who are in theory bound to respect the autonomy of free political speech. In the document that was leaked, Zerofox claimed to have "mitigated" 19 "threats" and "monitored" hundreds of others. The document is available here.

What constitutes a threat? Political speech that is critical of the police. At the top of the list of "physical threats" are #blacklivesmatter activists Deeray McKesson and Johnetta Elzie, neither of whom have ever been convicted of a violent crime AFAICT. The report recommends that police engage in "continuous monitoring" of the pair and justify this absurd response because they have "coordinated protests". The two were not alone on the list, which lists several other protesters and bloggers. Several times Zerofox recommended police perform a social media "profile takedown"; one of these recommendations was justified by Zerofox because an individual "slandered" a police officer. The slander consisted of taking screenshots of the police officer's Facebook posts - posts that included long, rambling racist screeds.

Most of this is well known, or will be over the next couple of days. This is a tech website! So what is my angle?

After the first few pages of creepy Stasi-style investigation, the report began to list what Zerofox believed were vulnerabilities in City of Baltimore networks. The "vulnerability reports" are laughably amateurish and consist almost entirely of information available from WHOIS, googling lists of applications combined with the word "exploit" and maybe nmap scans.

baltimore servers joshua wieder zerofox
2 kilos of WHOIS; street value $250,000
There are two things about this report that are interesting. First of all, it includes a list of Baltimore city online resources that would not immediately be publicly available - servers like email backups and an Exchange server that is either entirely for internal use or horrifically misconfigured (it lacks an rDNS entry, so it won't be doing a lot of sending to email servers setup by grown-ups).


And secondly, I really can't stress enough how bottom of the barrel this is. Let's just set aside the first part of this product that the people of Baltimore were forced to purchase. If this is what municipal governments believe infosec looks like, we are in for quite a few more repeats of Office of Personnel Management "cyber-warfare Pearl Harbors".

(Did you just vomit a little? I always vomit a little when I hear anything that begins with the prefix "cyber-")

Cryptome publishes my Wikileaks findings

Those unfamiliar with my Wikileaks findings should read my (so far) four post series on my discover of malware within files available for download on the Wikileaks website that can, among other things, identify and track those reading infected files: 1st post | 2nd post | 3rd post | 4th post 
Note that my posts are lengthy and contain some technical information. If you aren't really into reading technical things you would probably prefer the summaries of my findings available in The Register or Neue Zürcher Zeitung (for German speakers). 

Because Wikileaks has refused to inform its users that the infected files are, in fact malicious, I went public with my findings. Cryptome has just published a letter with a brief explanation of the issues with the Wikileaks malware

cryptome joshua wieder wikileaks malware



Cryptome is a long time advocate of government transparency, and had already been publishing leaked documents on their website for close to a decade when Wikileaks was first created. Here is Cryptome describes their mission:
Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here -- or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored.
Cryptome has had its ups and downs over the years. Certainly, publication there is not verification of my findings. However, I greatly appreciate the publication and hope that it contributes to my ongoing goals of getting some extra pairs of eyes reviewing these malicious files as well as other file leaks, and to warn journalists and activists of the dangers of improperly handling these malware infected files.

At least two major news papers will be running features that I know of; I'll post those as they are released.

[TUT] How to prevent Stagefright exploitation

 How to prevent Stagefright exploitation
Recently, Google announced that there's a new bug discovered and could manipulate your  android phone. Almost 95% of android phone could be risk and vulnerable for a single text thru MMS. Hacker bind a code in this MMS and can exploit the victim even you did not download or opening it unlike in other malware. This attack severely include froyo 2.2 up to android 5.1 latest android version. Actually, Google has already patch for this to prevent it but they still contacting all the manufacturer of smartphone company. It also warned us that this is crucial and still unknown on how could this attack happen. How can you imagine this for only single text can manipulate your phone without knowing it. Perhaps can accesss your data, photos, and bank account that link in your phone.

Stagefright Exploitation Prevention


According. to forbes.com, "The weaknesses reside in Stagefright, a media playback tool in Android. They are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions. That would allow for recording of audio and video, and snooping on photos stored in SD cards. Bluetooth would also be hackable via Stagefright".

Based on my observation this stagefright has a big rule in our android phone. It seen in system libs that can access our media files, as well as audio and videos. Honestly, I don't have an idea how can manipulate it via MMS nor what the extent of the attack and how dangerous is it. Although, stagefright which access our media we can prevent it. Simply, MMS is the route we need to disable it.
I have two method to disable it one is via mms settings just off your auto retrieve and other one simply change APN of network settings. We need to prepare until waiting for the updates of Google's android. Also don't give your number to suspicious persons. Remember the famous quote, "Prevention is better than Cure".


Method 1.

Go to MMS settings>Auto Retrieve>Off

MMS SETTINGS SCREENSHOT


Method 2.
Go to settings>more>Mobile Networks>Access Point Names> Change MMS proxy and port any name you want. To disable MMS.


MMS SETTINGS SCREENSHOTS 2





Wednesday, July 29, 2015

PHP logging timestamp oddities

I noticed something odd yesterday while reviewing log data on one of the RHEL 7 web servers I look after. Peering through the PHP error log, I noticed that all of the timestamps were formatted using the Coordinated Universal Time (UTC ... because acronyms that make sense are for losers).

[29-Jul-2015 14:26:04 UTC] PHP [redacted] on line 511
[29-Jul-2015 14:26:04 UTC] PHP [redacted] on line 530
[29-Jul-2015 14:26:04 UTC] PHP [redacted] on line 574
[29-Jul-2015 14:26:04 UTC] PHP [redacted] on line 607
[29-Jul-2015 14:26:04 UTC] PHP [redacted] on line 629

There is nothing wrong with UTC. UTC avoids the calamities inherent in the highly politicized, frequently changed, deeply flawed and inevitably pointless Daylight Savings rules. And unlike epoch-based timestamps, UTC is human readable. It's good stuff. Your hwclock should use it.

With that said, with this particular server a decision was made for logging to consistently be Eastern Time. So I jumped through a number of hoops to make this the case while maintaining reliability. I set the system clock timezone, and enabled regular check-ins with an NTP server pool:

# timedatectl
Local time: Wed 2015-07-29 10:40:22 EDT
Universal time: Wed 2015-07-29 14:40:22 UTC
RTC time: Wed 2015-07-29 14:40:21
Timezone: America/New_York (EDT, -0400)
NTP enabled: yes
NTP synchronized: yes

PHP itself demands that timezone be explicitly declared in php.ini. Failing to do so produces `E_NOTICE` notifications in PHP logs. So, I assigned that value to Eastern time also:

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = America/New_York

Meanwhile, this server uses rsyslog v7.4.7, and relies on the default timestamp template for logs handled by rsyslog.

# rsyslogd -v
rsyslogd 7.4.7, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
uuid support: Yes

# less /etc/rsyslog.conf
[...]
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

The upshot of this is that every log file on this server that uses time stamps uses the Eastern Time Zone, even `dmesg -e`, with the sole exception of the PHP error log. I point out the rsyslog settings despite the fact that php.ini's error log settings could give readers the impression that with the current configuration of my system syslog settings wouldn't be managing this situation.

log_errors = On
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; http://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
;error_log = syslog
error_log = /var/log/httpd/php.log

See how the role of syslog is a big vague?

Its entirely possible I have overlooked something painfully obvious. It certainly wouldn't be the first time. I am just a dude; I make mistakes (and yet the Dude abides).

But - I am not the first person to come across this issue. Bug report #45191 was filed over 7 years ago to address this issue:

[2008-06-05 23:50 UTC] info at organicdata dot co dot za
Description:
------------
I've noticed that changing the default PHP timezone using either php.ini date.timezone or date_default_timezone_set appears to have no effect on the timestamp used for each entry PHP writes to the file set by php.ini value error_log (when php.ini log_errors = On)

It seems to use the system timestamp regardless. I've done some searching on the web but found nothing and am afraid I'm not sure whether a bug or by design but it seems strange enough to submit here

Derick Rethans handled the bug report initially. I'm not going to bust Derick's balls too hard; I don't know him personally but even a brief look at his contribution history is enough to demonstrate his competency as a developer. He has certainly done more for the PHP project than I have.

That said, Derick wasn't interested in dealing with this.

[2008-07-14 10:06 UTC] derick@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is normal. The error log is not *written* by PHP, but by syslog. Syslog doesn't care about PHP's internal timezone, and thus formats the log message according to the system timezone. Just change the system timezone if it's incorrect.

MAN. You are a dumbass info at organicdata dot co dot za. RTFM, right? organicdata's reply would seem to confirm Derick's finding. It was a lengthy complaint about what a hassle it is to set timezone in two places, particularly in situations where your server in the Netherlands is hosting HawaiiAutoMechanics.Biz or something. This scenario is indeed a bummer, but don't forget what's going on with my server - changing the system timezone doesn't do a damn thing with this issue (in a version of PHP two minor releases later: 5.2 -> 5.4). Fortunately, Jani jumps in with here 2 cents.

[2008-07-28 22:46 UTC] jani@php.net
Actually error_log="somefile.log" does not use any syslog stuff to write the entries in it. This is the line from main.c:490 which gets executed if error_log != syslog:

strftime(error_time_str, sizeof(error_time_str), "%d-%b-%Y %H:%M:%S", php_localtime_r(&error_time, &tmbuf));

There are 2 problems here: [a] it's using locale sensitive %b modifier [b] It doesn't care about date.timezone.

Solutions:
[a] IMO it should use this pattern instead: "%Y-%m-%d %H:%M:%S" (f.e. lighttpd uses this for it's error_log entries :)
[b] I don't know how to safely achieve the above mentioned issues with date.timezone vs. system timezone. Might be better leave this as is..
To which Derick responds:

[2008-07-29 06:46 UTC] derick@php.net
It should be switched from strftime() to php_format_date(). This is not an issue with the Date/Time functionality though, but with the syslog one.

[2009-05-03 19:09 UTC] derick@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

All better! 

Well, not quite. strftime() was in fact replaced, and references to `%b` were removed, in the PHP source files.

However by 5.3.8, the bug was being reported continuously for RHEL and CentOS users. As of my version, here is what I believe to be the relevant handler; starting from main.c:615

 /* Try to use the specified logging location. */
if (PG(error_log) != NULL) {
#ifdef HAVE_SYSLOG_H
if (!strcmp(PG(error_log), "syslog")) {
php_syslog(LOG_NOTICE, "%s", log_message);
PG(in_error_log) = 0;
return;
}
#endif
fd = VCWD_OPEN_MODE(PG(error_log), O_CREAT | O_APPEND | O_WRONLY, 0644);
if (fd != -1) {
char *tmp;
int len;
char *error_time_str;

time(&error_time);
#ifdef ZTS
if (!php_during_module_startup()) {
error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 1 TSRMLS_CC);
} else {
error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 0 TSRMLS_CC);
}
#else
error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 1 TSRMLS_CC);
#endif
len = spprintf(&tmp, 0, "[%s] %s%s", error_time_str, log_message, PHP_EOL);

Additional bug reports were opened where #45191 left off in 2012, demonstrating errors in IIS, Debian, Gentoo and other operating systems. Apparently, the fix for this issue caused segfaults in Windows ZTS builds per bug report #60373. A patch was released in report #60723. The distinction between the patch and the release I am using is ... subtle to say the least.

@@ -627,7 +627,15 @@ PHPAPI void php_log_err(char *log_message TSRMLS_DC)
char *error_time_str;

time(&error_time);
- error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 0 TSRMLS_CC);
+#ifdef ZTS
+ if (php_during_module_startup()) {
+ error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 0 TSRMLS_CC);
+ } else {
+ error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 1 TSRMLS_CC);
+ }
+#else
+ error_time_str = php_format_date("d-M-Y H:i:s e", 13, error_time, 1 TSRMLS_CC);
+#endif
len = spprintf(&tmp, 0, "[%s] %s%s", error_time_str, log_message, PHP_EOL);
#ifdef PHP_WIN32
php_flock(fd, 2);

The only difference appears to be the inversion of the `if (php_during_module_startup())` loop, and the attendant flipping of the TSRMLS_CC that would appear to ensure that the patch is substantively identical to the source for 5.4.16.

This sort of thing is just obnoxious enough to drive my OCD side up a wall, while not posing any serious security or functionality risks given the current deployment it's not worth it to spend a ton of energy testing multiple versions of PHP to resolve it.

Has anyone had success resolving this issue with more recent versions of PHP? Let me know!

Tuesday, July 28, 2015

Hotmail is bouncing bugtraq mailing list emails from Yahoo

What really irks me about this is that I deliberately use gigantic, stupid MTAs like gmail and live mail to deliberately avoid this sort of garbage (deliberately). Those familiar with administrating large volume email can appreciate that you can perfectly configure your mail server and end up bounding all over the place because almost everyone with a mail server is not an actual email administrator and has no clue what they are doing. Email, like high school, is ultimately all about popularity. Even the least competent of email server owners will eventually get tech support to make sure google and microsoft can deliver to and receive from their Zimbra abomination.

At least that's what I figured until I started getting bounces like the one below. It seems Microsoft has decided that Security Focus mailing lists are too dangerous. To step up the oddity of this policy, bounces only occur when the originating MTA is with Yahoo. I can receive email directly from securityfocus.com. I can receive email from securityfocus.com when the originating mail server is a one-off IP address from Finland that is part of a DSL netblock. But Yahoo is a bridge too far. Stupid stupid stupid.

Return-Path: <>
Received: (qmail 22048 invoked from network); 15 Jul 2015 15:26:46 -0000
Received: from sf01mail1.securityfocus.com (HELO mail.securityfocus.com) (192.168.120.35)
by lists.securityfocus.com with SMTP; 15 Jul 2015 15:26:46 -0000
Received: (qmail 27445 invoked by alias); 15 Jul 2015 15:26:31 -0000
Received: (qmail 21710 invoked from network); 15 Jul 2015 15:26:06 -0000
Received: from sf01smtp2.securityfocus.com (192.168.120.34)
by mail.securityfocus.com with SMTP; 15 Jul 2015 15:26:06 -0000
Received: by sf01smtp2.securityfocus.com (Postfix)
id E771981455; Wed, 15 Jul 2015 10:31:59 -0700 (PDT)
Date: Wed, 15 Jul 2015 10:31:59 -0700 (PDT)
From: MAILER-DAEMON@securityfocus.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bugtraq-return-55766-(redacted)=live.com@securityfocus.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="5D865812F6.1436981490/sf01smtp2.securityfocus.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20150715173159 data-blogger-escaped-.e771981455="" data-blogger-escaped-sf01smtp2.securityfocus.com="">

This is a MIME-encapsulated message.

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host sf01smtp2.securityfocus.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<(redacted)="" live.com="">: host mx4.hotmail.com[65.55.92.152] said: 550 5.7.0
(SNT004-MC2F10) Unfortunately, messages from (143.127.139.113) on behalf of
(yahoo.com) could not be delivered due to domain owner policy restrictions.
(in reply to end of DATA command)

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; sf01smtp2.securityfocus.com
X-Postfix-Queue-ID: 5D865812F6
X-Postfix-Sender: rfc822; (redacted)@securityfocus.com
Arrival-Date: Wed, 15 Jul 2015 10:18:42 -0700 (PDT)

Final-Recipient: rfc822; (redacted)@live.com
Action: failed
Status: 5.7.0
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 5.7.0 (SNT004-MC2F10) Unfortunately, messages from
(143.127.139.113) on behalf of (yahoo.com) could not be delivered due to
domain owner policy restrictions.

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from lists.securityfocus.com (lists.securityfocus.com [192.168.120.36])
by sf01smtp2.securityfocus.com (Postfix) with QMQP
id 5D865812F6; Wed, 15 Jul 2015 10:18:42 -0700 (PDT)
Precedence: bulk
(redacted)
Delivered-To: mailing list (redacted)@securityfocus.com
Delivered-To: moderator for (redacted)@securityfocus.com
Received: (qmail 9417 invoked from network); 15 Jul 2015 10:14:32 -0000
Date: Wed, 15 Jul 2015 10:14:31 GMT
Message-Id: <201507151014 data-blogger-escaped-.t6faevnw013232="" data-blogger-escaped-sf01web2.securityfocus.com="">
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: (redacted)@yahoo.com
To: (redacted)@securityfocus.com
Subject: XSS vulnerability in OFBiz forms

Video Tips for Handbrake on Mac OS X 10.11 El Capitan

At Times you need HandBrake Alternative software to achieve better SD/HD video and DVD/Blu-ray conversion on Mac OS X 10.11 El Capitan, and iMedia Converter for Mac is best recommended HandBrake Alternative for on Mac OS X 10.11 El Capitan. 

Read the Software review>> Pavtube Softwares Comparison | Pavtube DVDAid vs AnyDVD | ByteCopy & MakeMKV | Best Video Converter Ultimate Reviews...

 Learn more >> The most powerful software of comparative

Handbrake is a open source video transcoder, which is wildly used by Mac OS users. It supports to transcode video and audio from nearly any format to MP4, MKV, AVI on  iMac abd MacBook. With Handbrake, you can convert Videos, DVD, Blu-ray on Mac OS X  for viewing on your iPad, iPhone, iPod touch easily. 

Following with this detailed HandBrake Mac Tutorial, you will learn how to rip DVD, Blu-ray and transcode videos on Mac OS X with Handbrake. 

Step 1: Download and Install Handbrake

Firstly, you should download and install Handbrake for Mac on your Mac OS X. 



Note: Here, we can see that HandBrake for Mac OS X 10.6-10.10 is for 64 bit Intel. 

Step 2: Load source video to HandBrake and set Destination and Output 

Click the “Source” button on the main interface to add video, DVD or decrypted Blu-ray to the program. In the Destination section you can set the output folder by clicking Browse button.  One thing you need to decide is what format (MP4, MKV, AVI, OGM) Output setting section also has 3 options you can choose: Large File Size, Web optimized and iPod 5G support.



Note: Handbrake supports to input multiple file formats, but it can only convert them one by one, if you want to transcode many videos, please make sure you have enough time to do it. 

Step 3: Adjust video and audio settings

You can adjust video filter, video, audio subtitles, chapters, etc to make the output videos more suitable. You should pay attention that when you select the birate, the higher bitrate you choose, the bigger size the output file will be, and the better quality you will get.



Step 4: Start to convert video with Handbrake on Mac OS X

Click on the Start button on the left top of Mac version HandBrake. The encoding time will depend on several variables including: the duration of the video file, the speed of your Mac computer and which Mac OS, Mac OS X Tiger, Leopard, or Mac OS X Snow Leopard. What other activity your computer is currently doing, the codec you selected (H264 or MP4).

Conclusion of this Handbrake Tutorial for Mac:

This is basic HandBrake Tutorial for Mac OS X users, for details explanation, you need to cast an eye on HandBrake official site. And as a free transcoding software, you may come across with unexpected issues when using HandBrake on your Mac from time to time. Handbrake has some limitations. For instance, it can load multiple video and copy protected DVD, but it does not support the encrypted Blu-ray disc. It only can be used to transcode a Blu-ray disc that the protection is first removed using a third party application. It does not support batch conversion and shut-down automatically after conversion. And the most severe problem is HandBrake just supports Mac OS X 10.6 - 10.10. The newest Mac OS X 10.11 El Capitan system is not supported by HandBrake.

Therefore, it is better to find some HandBrake Mac version Alternative software to fill all the limitations that Handbrake lacks, such as backing up encryption Blu-rayripping DVD to iTunes, copying Blu-ray and DVD on Mac OS X El Capitan. Pavtube iMedia Converter for Mac is the recommended HandBrake Alternative. It is all in one solution for you to convert SD/HD videoS, rip DVD/Blu-ray to various formats on Mac OS X from 10.6 to 10.11 El Capitan. You can use the batch conversion functions to transcoding multiple files at a time. The versatile and distinctive editing functions can help you create elegant videos.

Free download and install

          

Other Download:
- Pavtube old official address: http://www.pavtube.cn/imedia-converter-mac/
- Cnet Download: http://download.cnet.com/Pavtube-iMedia-Converter/3000-2194_4-76177788.html

How to use HandBrake Mac Alternative on Mac OS X El Capitan?

Step 1. Load your Blu-ray

Run Pavtube iMedia Converter for Mac on Mac OS X El Capitan, load your Blu-ray disc, folder, ISO image files by clicking the "File" icon.



Step 2. Choose target format

Click the format bar to choose "HD Video" and "H.264 HD Video (*.mp4)".



Step 3. Start conversion

After everything is OK, click the big button "Convert" to start conversion on Mac OS X El Capitan. After conversion, you'll get your desired MP4 movie in output folder. 

That is easy to use HandBrake Mac Alternative to convert videos on Mac OS X El Capitan. Just try.

If want more detailed video conversion steps, read this article: How to Convert Videos on Mac OS X El Capitan with Pavtube iMedia Converter for Mac?

Read More:

Good News! To thanks for your continuous support, Pavtube Official Website and Pavtube Facebook are now holding the biggest sale for this summer with fantastic 50% off discounts and giveaway. Pay less to get powerful Blu-ray/DVD/Video Converter to build your own home media center on this summer!

Giveaway: First Five customers can share this post, email us your order numer and the snapshot to win one more FREE license, no product limit! 

Related Article:
Source: http://macosxelcapitansolution.altervista.org/handbrake-mac-tutorial-on-el-capitan/

Monday, July 27, 2015

Oh, Kaspersky

By accident I clicked on Eugene Kaspersky's Twitter account and I was greeted with this:

Eugene Kaspersky Joshua Wieder Twitter banner
What?
Everything about this image is FABULOUS. First and foremost, it confirms my longstanding suspicion that any schmuck can make a few bucks in infosec, but to make bazillions you have to be an absolute drug-addled lunatic.

But let's get back to the picture. So many questions. Are they standing in front of a green-screen in which someone embossed click-art from Windows 95 or did they pose in front of a cheaply painted wall, like when prison convicts take "click-clicks" to send to their pen pals? Was I the only one who thought that maybe - just maybe - this was the album cover for an Autobahn reunion tour that I had somehow missed?

autobahn joshua wieder big lebowski album cover
These men are nihilists.
Someone very much needs leak the inter-departmental memo that Kaspersky sent to demand that his least photogenic employees all wear form-fitting pastels to work. It would have to be one hell of a memo to get someone to, for example, dye his faux-hawk to match the repulsive color scheme of this photo shoot, and then take it up a notch by wearing exactly the same clothes as Kaspersky while adopting the same pose as him during the photo session.

Why the guy in back isn't getting paid enough money to afford a decent razor so he can shave off the small dead animal that has attached itself to the bottom of his face. His eyes are much too close together for him to be in a Norwegian Death Metal band.

The young lady would have been depressingly normal if she had removed her bib. It doesn't matter how delicious the wings and/or lobster is there is really no excuse for such a thing in public.

The guy on the far left I will leave alone because he is obviously just a tech support guy.

That leaves the very young John Oliver look alike on the far right. The gentleman in the skin-tight, lavender turtleneck with matching pants that no doubt conceal a lacy set of Rocky Horror garters.

"I have equity,"
What can you say to the Programmer Formerly Known as Prince, other than, of course, "shine on you crazy diamond"? There is just something about showing off your nipples to your co-workers that screams self-confidence. Smart is sexy.

Everything about this image was pure comedy. Is this some sort of genius (failed) viral marketing ploy? Or it Eugene a few bots short of a net? Only time will tell.

Florida Division of Elections moved all of their campaign finance records and forgot to tell anyone

It's almost like .... they don't want people to look at the financial records for election candidates.

For quite some time now, if you were a reporter or opposition researcher or political consultant and you wanted to dig up some dirt on a political candidate in Florida you would spend at least some time on the Florida Department of State's Division of Elections website. On that website was an application that I have always referred to as "Dodo", because its URL was doedoe.dos.state.fl.us and thanks to the miracle of modern browsers, typing "Dodo" into the address bar would usually get me there sooner or later. Dodo was the place to go to lookup campaign contribution records for both candidates and political committees (of which the most commonly known is a PAC) registered in the State of Florida.

So you can imagine my surprise when, just for kicks, I decided to pay Dodo a visit and found this:


Maybe I made a mistake. I looked up one of the bookmarks I had for specific search applications within Dodo:


Can I just take a moment to point out that PE file CGI's are lame? Look, I know ... Windows, you have some ridiculous legacy thing, I get it, but when people wonder why our list of most innovative technology includes shrinking email to 140 characters and making it public instead of flying cars this is why.


Non-stupid web applications outside of the stupid cgi-bin directory are also impacted.

Readers, I started to become concerned. Had someone broken into the Department of State and stolen this one 10+ year old server hosting information that is exclusively in the public domain (dos and most everything else didn't make sense because non-election applications for the DoS work fine)? Was this the work of some dastardly villain: Special Interest Man or worse yet the Koch Brothers? Had someone from outside the network defaced the site or, more likely, someone within the network simply broke it?

It took me a while to come around to the realization that the Department of State had just turned the website off. Not very long. Maybe like two minutes (they were a tense two minutes). The screens above are what happen when you stop a site in IIS7, obviously an admin had stopped the site. But why?


Can you read that fine print down there? Of course you can't. You can't read it because I had to zoom out to 50% of the normal size of this page to include the relevant part above the fold. Here is what it says:

WELCOME TO THE NEW DIVISION OF ELECTIONS WEBSITE!

The Department of State, Division of Elections, welcomes you to our new website. We hope you find our site easy to navigate. Please explore the new layout. Questions, comments, or suggestions about the new website can be sent to the Division of Elections at DivElections@dos.myflorida.com

I found this nuggest of gold by dropping the Dodo prefix to get dos.state.fl.us which now redirects to http://dos.myflorida.com - from there I located a directory called /elections/. So the Division of Elections has a new website. That they didn't tell anybody about. Where are the Dodo search tools that actually enable users to review Campaign contributions?

To get those tools, you need to go to a contextual link for the 'Media Room' in the footer of the elections page above containing contact details. From there, you need to go below the fold again to click on the 'Campaign Finance' contextual link. Then, another three pages down is the Campaign Finance resources - again directly above the footer.

There is nothing unusual about a new website, or even changing a domain. But even a first-day-on-the-job web developer is familiar with a 301 or permanent redirect. Clearly someone with the Department of State is capable of copying and pasting a redirect from a howto guide, because such a redirect is in place for dos.state.fl.us, just not the applications at doedoe.dos.state.fl.us. In fairness, redirects can break web applications. However if this were the case for Dodo, a redirect could have been placed to a landing page for the applications.

I am not the only one who depended upon a reliable path for these applications. The Florida 1st District Court of Appeals referenced the older URL in decisions (PDF). Journalists across the country rely on these applications to research campaign finance issues in Florida. This migration should have been handled with basic competency.

Sunday, July 26, 2015

Errors with Nikto installation or operation within OpenVAS

When installing the vulnerability scanner application Nikto/Nikto2 using yum with RedHat Enterprise Linux 7 or CentOS 7 or even Scientific Linux 7, the odds are good that you will encounter some irritating problems. Namely, the installation will fail while requiring a dependency that appears to not exist for the version of linux you are using. Fun! So you probably think you are safe if you install OpenVAS, a prepackaged suite of security utilities that includes Nikto as a plugin. But you would be wrong! Installing OpenVAS from an RPM will succeed, and everything will look fine, until you try to use Nikto within OpenVAS, which will result in a fatal error.

Nikto is included in the Extra Packages for Enterprise Linux/EPEL yum repository all recent versions of RedHat linux, which is part of the Fedora Project. While it contains third party applications, it is not a third party repository like RPMFusion or Atomicorp. I have only very rarely had problems with the EPEL yum repo, and this is the first time I have had problems with it in years.

So here is what the failure looks like:

[root@ip-172-31-20-10 notes]# yum install nikto
Loaded plugins: amazon-id, rhui-lb
Resolving Dependencies
--> Running transaction check
---> Package nikto.noarch 1:2.1.5-10.el7 will be installed
--> Processing Dependency: perl(LW2) for package: 1:nikto-2.1.5-10.el7.noarch
--> Finished Dependency Resolution
Error: Package: 1:nikto-2.1.5-10.el7.noarch (epel)
Requires: perl(LW2)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

Alternatively, if you are going the OpenVAS route, your scan report will include the following error from the Nikto plugin:

Can't locate LW2.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/bin/nikto line 63.
BEGIN failed--compilation aborted at /usr/bin/nikto line 63.

The studious reader will have noticed a common theme to the failure: a Perl module going by the mysterious initials "LW2". The initials stand for perl-libwhisker2. LibWhisker2 is in fact a library for Perl, focusing on http functions. It is commonly used by vulnerability scanners. However, to make matters a bit more complicated, more recent versions of Nikto require a slightly modified version of LibWhisker2, as can be seen from the Nikto installation guide (italics mine):
The only required Perl module that does not come standard is LibWhisker. Nikto comes with and is configured to use a local LW.pm file (in the plugins directory). As of Nikto version 2.1.5, the included LibWhisker differs (slightly) from the standard LibWhisker 2.5 distribution.
LibWhisker has always been somewhat of a pain in the ass for Nikto users. Eight years ago, when LibWhisker updated from version 1.x to version 2.x, Red Hat users found themselves unable to install Nikto when the repositories all dropped version 1.x from their package lists, even while the Nikto installer still required the previous version. Its obvious then that the package for installing the LibWhisker library has been packaged in a variety of Red Hat repositories for years. As of Red Hat 7, it is no longer included. Why? Who knows.

So how about just finding a third party repository that has addressed this issue, adding that repository to your server, and calling it a day? Seems reasonable enough, however, I looked at several repositories and I could only find one - Atomicorp - that appears to have patched this issue. Furthermore, there are many administrators who are wary of adding third party repositories to servers. Vulnerability scanners collect a wealth of very sensitive information. Even excellent third party repositories require that users provide a significant amount of trust in installing using their packages. To many admins, adding a third party repo simply is not an option.

Fortunately, I have confirmed for the time being that a previous RPM included in repositories for Fedora Core 19 will resolve the issues listed in this post. I have uploaded the LibWhisker2 RPM to my rarely-used Github page should anyone else need it. Remember you need to install Perl first, before installing the RPM.

NOTE: If you plan on using Nikto with Metasploit, you will require two additional Perl modules to correctly use logging: RPC::XML and RPC::XML::Client. Both of these are available through the EPEL yum repo using `yum install perl-RPC-XML.noarch`. This dependency is pretty clearly outlined in the Nikto installation documentation (and not required for a basic Nikto installation, like LibWhisker).

Saturday, July 25, 2015

[TUT] HOW TO CALIBRATE YOUR BATTERY STAT

How to calibrate your battery stat

Plenty of people they don't know how to calibrate their battery esp. in android phone. A lot of them encounter failed in battery stat like example instead of 10% it turns to 50-100% after a few minutes of charging. Sometimes it drains rapidly even on 20-50% battery stat. This is consider a fake or false battery stat either has a problem possible in your battery. 
How to Calibrate Battery Stats


The Android operating system has a setting called Battery Stats which indicates the battery capacity, when it is full or empty. The problem is that it sometimes become corrupted and starts displaying data that isn’t real, which causes the phone to turn off before reaching the 0%. The process of calibrating the battery would correct the information. To do this you need to fix it by calibrating in order to have ideal battery stat. There's a numerous tutorial in entire web but this method that will teach you is 100% tested by me and our member in facebook group.


Procedure:

1. Drain battery of newly bought Android phone to 10% below (ATLEAST 10% REMAINING BATTERY LIFE)

2. Charge your android phone while on OFF status until it reach 100% full battery  stat.

3. Once  Fully charged, Remove the Charger into the phone. Then Turn On the Phone.
Then hang the phone while in ON status for atleast 30 MINUTES.
Note: DON'T USE OR DONT DO ANYTHING IN YOUR PHONE.

4. After 30 minutes, Either battery life decline or not, Plug again your Charger into the Phone and CHARGE again for another 30 MINUTES.
Note: DON'T DO ANYTHING IN YOUR PHONE.

5. Once Charging is Finished, You can use your Phone now.
Battery is already Calibrated!


Note: Use this calibration only once to prevent battery issue.

Credits:
Bobby Fajardo
XDA

?Do you know ? To what depths do we find oil

The exploited reservoirs are between 600 and 8000 meters deep. But there are deeper deposits 
In 2009, it was discovered in the Gulf of Mexico as an oil field 1260 meters of water and reaching 10,600 meters deep. The presence of oil at such a depth was unimaginable ago thirties. How far in do you find
The oil resulting from the degradation of organic waste, mostly of vegetable origin, under the action of heat. But the temperature increases with depth, 30 ° C per kilometer on average. Buried in a sedimentary rock (the "bedrock"), organic debris is first transformed into a carbonaceous solid called kerogen, which coal is a variety, then give either oil and some gas (between 80 ° C and 150 ° C), or just gas (above 150 ° C). We deduce that the 

?Maths : The challenge for the sixth crown , it can be

Can a plane figure pave a large area without it being possible to pave the entire plan? This problem called Heesch landed since 1968.
Mathematicians interested in tilings of plane geometric shapes as simple as possible. They rank considering their symmetry, design algorithms that discover new, study forms allowing only aperiodic patterns, etc. Alongside these classic problems, some not address what happens on the entire plan, but what is happening locally around a point or a pad: these are the problems of entourages. We present two. The first is solved today. The second, despite steady progress, remains mysterious.

Let's start with a basic conundrum in appearance. A flat shape we give a pad P. Can we totally surround a crown composed of copies of P, leaving no space between pavers used? What is the minimum number of copies of P needed for such surroundings?

A square paved surrounds without difficulty six identical squares (below, a), and is the minimum; best, all rectangle (! not square) is surrounded by four copies of itself (b); more preferably, some pavers surround with only three copies of themselves (c).


Avoid any misunderstanding about the word crown. The ring around a block P must have a certain non-zero thickness e: the minimum distance between a point external to the blocks and a central point of the pad P must always be greater than e. Pavers around a block P (or a set of blocks E) are considered a crown for P (or E) if the removal of a single pad of the crown is contacted outside the box paved with the central pad (or E).

To find out if it is possible to surround a pad P by a ring of two P cobblestones, take a pen and paper and try! (See figure below if you can not do.)

The pentagon Heesch: a single crown

The second issue that will occupy around us originates a small German book published in 1968 when the mathematician Heinrich Heesch (1906-1995) formulated an unexpected remark. He presented a pentagon with angles 90 °, 150 °, 90 °, 150 ° and 60 ° and with the strange property: a copy of the pentagon is surrounded Heesch perfectly without overlapping or space left empty by six seven or eight copies of itself forming a crown, and yet it is impossible to carry out a second ring around the first. One checks without difficulty ...

The problem sudoku : Tips , solve , calculations , illusion

The data of 16 digits in a Sudoku is insufficient for solving the problem is unique. To prove this, it was necessary to list all the grids, using tips to shorten the calculations
un sudoku
It is an illusion to believe that the power of the machines dispense us from thinking. About the problem of minimum data sudoku, we will see that the limits of feasible soon reached, and that for the push, it takes ingenuity, mathematics and still a lot of patience.

Remember the rules of Sudoku and fix some terms. A "complete Sudoku" is a square table 9 March 9 = 81 squares, each containing a number from 1 to 9 and such that:

(A) each row and each column contains each digit exactly once;

(B) each subarray 3 3 3 (result of the cutting of the gate into nine squares of nine squares) contains each digit exactly once.

A partial grid is a "correct sudoku problem" if there is a unique way to complete the grid in a complete Sudoku, which is the goal of the game.

Specify that sudoku, the computer wins on humans: there are many programs that allow the computer to beat the best human speed. Good programs are the solution to a problem, as difficult as it is, in less than a millisecond. So we play for fun exercise.

When looking to make a statement, if you specify too few cases, partial grid is not correct the problem (that is obvious if one retains only one), as several solutions are possible. In newspapers, the proposed grids have about 25 boxes filled. It is known however that there are correct grids sudoku with only 17 data.

The problem of minimum data is: What is the smallest number of data a correct sudoku problem?

Example 17 shows that data that minimum is 17 or less. It has long sought, unsuccessfully, to 16 problems correct data; so we conjectured that 17 is the answer.

At least 16 or 17 boxes?

The problem remained open until, in December 2011, the answer is provided by Gary McGuire, of the University of Dublin, and his team. Following a spread calculation on a year corresponding to 800 years of computing a single processor, the conclusion was that there are no correct grid sudoku data 16 and thus the minimum number of data a correct sudoku problem is 17.

This is a mathematical theorem, and since this is the mathematical question concerning the sudoku that required the most effort, will be called "The theorem sudoku". The work that led to the state is a demonstration. As now occurs increasingly often, it is a proof with a computer. The detailed steps in the calculation has not been published because it would give a document of colossal length. The article reporting the evidence is therefore that the description of the method used, including, among others, statements and demonstrations purely mathematical propositions helpful, but not enough information so that we can verify the theorem without any reprogramming and recalculate.

Preliminary versions of the article had been available for a while, but it was published in its final form June 12, 2014, in the journal Experimental Mathematics. Despite this official publication, essential for a result to be considered ... 

Free Download Forsaken World Mobile MMORPG APK+OBB

Free Download Forsaken World Mobile MMORPG


Free Download Forsaken World Mobile MMORPG

Free Download Forsaken World Mobile MMORPG Preview 2

Free Download Forsaken World Mobile MMORPG Preview 3




Description
Please note that it may take more than 20 minutes to download the entire game. We promise you that it will be worth it!
The landmark MMORPG series goes mobile. Dive into a dynamic world of adventure!
Fantasy, legend, and myth converge in one of the most expansive mobile MMORPGs!Delve into Forsaken World, the acclaimed PC franchise, right from the palm of your hand.Raid epic dungeons and battle legendary bosses for tons of loot! Train exotic mounts, engage in fierce PVP action and more, all in a massively 3D open world! There’s a whole new universe waiting for you – will you answer its call?
Features:
√ Free to play fantasy 3D MMORPG!
√ Play online in real time with friends, or destroy them in PVP!
√ Take on dungeons and bosses for epic loot!
√ Revolutionary 3D graphics with beautifully rendered environments!
√ Capture and train exotic mounts!
System Requirements:
- Android OS 4.0 and above
- Internet is required



Download
APK
OBB

Intructions:
Install APK and download OBB the extract via z-archiever or rootexplorer in Android phone or Winrar or Winzip in PC..
then move OBB file in sdcard/Android/obb folder or create folder if you don't have.


Welcoming super-Earths , Exciting details , So nice

There are undoubtedly countless extrasolar planets. But what do they look like? Models suggest that many of them would be similar to the Earth, and could harbor life
You are contemplating the night sky. You look in the direction of a star around which revolves, have you read a particular planet status. Even if you can not see - you see only the star itself - you know it is several times larger than Earth and essentially consists of rocks. Sometimes earthquakes shake the surface, which is largely covered with oceans. Its atmosphere is not so different from what we breathe, and its sky is swept from frequent storms and often obscured by volcanic ash. Home she lives? According to scientists, it is not impossible ...

This astronomical dream could soon become reality. Although most of the 500 extrasolar planets discovered to date are gas giants like Jupiter instead, astronomers began to discover some - notably through the European space telescope CoRoT - which might not be very different from Earth. And the American Kepler Space Observatory, launched last year, probably discover more.

Of course, these exoplanets are in light years, so that even our most sophisticated telescopes are not able to discern the details of their surface (mountains, clouds, seas, etc.). Maybe they can do forever. In general, we can only highlight indirectly the presence of a planet, and estimate its mass and size of its orbit. In some cases, the instruments were able to obtain information on the diameter of the planet and some other details. Thus crudely known atmospheric composition and dynamics of the winds of some gas giant exoplanets.
We are far from precise measuring data on the geology, chemistry or other characteristics of exoplanets. Yet from some things, researchers are able to draw complex portraits of these distant planets, using theoretical models, numerical simulations and even laboratory experiments, combined with established knowledge for the Earth and the other planets of the solar system.

In our research, for example, we modeled the composition of planets similar to Earth. We found that such planets even when they are much more massive than our own, seem geologically active and have an atmosphere and a climate that could be favorable to life. In fact, the Earth may be located at the lower limit of the possible mass range for a planet to be habitable. In other words, if the Earth were a little smaller, it would have become as barren as Mars or Venus.
The first super-Earths

The first extrasolar planet was discovered in the mid 1990s by the "radial velocity" method, which is to detect the presence of a planet by its gravitational effects on its star. The gravity of the planet prints a slight rocking motion to the star; movement that is detected as a shift of the spectrum of the sun.

In the early days, some researchers wondered if these were the result of physical oscillations of the star or the presence of orbiting planets. There are about ten years, one of us, D. Sasselov, while specialist variable stars, helped to show that the oscillations were well caused by planets, thus validating the radial velocity method.

D. Sasselov then joined the project of the Kepler Space Observatory, designed to search for exoplanets. Kepler was finally put into orbit in 2009. As CoRoT, it is designed to detect planets by the transit method, that is to say by observing the brightness of small periodic cuts of a star when a planet in orbit passes in front of her. The Kepler telescope is pointing to a small region of the sky near the constellation Cygnus. Its wide-angle camera will follow approximately 150,000 stars continuously for three years. Kepler is expected to find hundreds of new planets, some as small as Earth.
From the earliest stages of mission planning, D. Sasselov realized that scientists would not know necessarily exploit the mass of data produced by Kepler. For example, nobody had then modeled the process ...

Source : For the science