SecurityFocus Linux Newsletter #361
----------------------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.
www.csiannual.com
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1.Rebinding attacks unbound
2.Aspect-Oriented Programming and Security
II. LINUX VULNERABILITY SUMMARY
1. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
2. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
3. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
4. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
5. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
6. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
7. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
8. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
9. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
10. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
11. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
12. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
13. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
14. Mono System.Math BigInteger Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2.Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
BugTraq ID: 26158
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26158
Summary:
The Red Hat Linux kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

2. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
BugTraq ID: 26161
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26161
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain a portion of the physical address space. Information harvested may aid in further attacks.

3. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
BugTraq ID: 26180
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26180
Summary:
3proxy is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to cause denial-of-service conditions.

This issue affects 3proxy 0.5.3i; other versions may also be vulnerable.

4. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
BugTraq ID: 26185
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26185
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

5. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
BugTraq ID: 26188
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26188
Summary:
Gnome-screensaver is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.

This issue affects gnome-screensaver released with Ubuntu 7.10; fixes from Ubuntu are available; other versions may also be affected.

6. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
BugTraq ID: 26190
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26190
Summary:
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Xen 3.0; other versions may also be vulnerable.

7. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26206
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26206
Summary:
JustSystem Ichitaro is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions.

These issues affect these versions:

Ichitaro 11, 12, 13, 2004, 2005, 2006, 2007
Ichitaro for Linux
Ichitaro Lite2
Punch
Ichitaro viewer

Other versions may also be affected.

8. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
BugTraq ID: 26209
Remote: No
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26209
Summary:
Trend Micro AntiVirus engine is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges and completely compromise affected computers. Failed exploit attempts could crash the computer, denying service to legitimate users.

Applications that incorporate 'Tmxpflt.sys' 8.320.1004 and 8.500.0.1002 from the AntiVirus engine are vulnerable, including Trend Micro PC-cillin Internet Security 2007, ServerProtect, and OfficeScan.

9. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
BugTraq ID: 26214
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26214
Summary:
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes specially crafted files.

Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.

10. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
BugTraq ID: 26233
Remote: No
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26233
Summary:
The 'vobcopy' tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

11. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
BugTraq ID: 26254
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26254
Summary:
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.

Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.

This issue affects versions prior to Liferea 1.4.6.

12. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

13. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
BugTraq ID: 26269
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26269
Summary:
The application is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. This is turn may result in a complete compromise of the affected system. Failed exploit attempts will result in a denial of service.

The issue affects McAfee E-Business Server 8.1.1 for Linux and 8.5.2 for Solaris. Versions for Windows are not affected.

14. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

Read More...... Read More...

The comment subscription feature allows readers of a blog to receive an email each time a comment is made to a particular post. You can subscribe to a post's comments by clicking the "Email" link next to "Subscribe to comments" on the post page.

In order to subscribe to comments by email, you must be logged in to a Google Account. Please log in with the account using the email address at which you'd like to receive the comment emails. As soon as you're logged in, you'll be taken to a confirmation page where you can click "Subscribe" to opt in. On this page, you'll also have the option to use a different Google Account to receive comment emails.

After you subscribe, you'll receive one email for every comment published on the post. For moderated comments, an email will be sent out only after the comment has been approved by the moderator.

You can unsubscribe from comments by email at any time; just click the unsubscribe link in the comment emails you receive.

Or, alternatively, you can click the "Unsubscribe" link on the blog's comment page. Then, just as when you subscribed to comments by email, you'll be taken to a confirmation page where you can confirm your unsubscription.

Notes:

* You may only subscribe to comments on a per-post basis.
* If your Google Account is unverified, you can still subscribe to comments but won't receive comment emails until your account is verified. If you sign up for comment emails on a blog post with an unverified Google Account, you'll see a message on the comment page to remind you to verify your account.

Read More...... Read More...

Have you ever come across a situation where you don't have access to the Internet but can send or receive email messages? With email and no Internet, how do you read websites and blogs or check the current stock prices, or find what's the top story on CNN homepage.

Well, you can do a lot of interesting things over email without a web connection - you can read any webpages over email, maintain your task list, convert documents, upload photo and videos, get dictionary meanings of words and more.

Just make sure that you have added the following address to your email address book:

10. pdf@koolwire.com - You have an Office document or a picture on your computer or mobile phone that you wish to convert into a PDF file. Just email that file an email attachment to the above address and it will soon return to your Inbox as a PDF file. [koolwire review]

9. ..@photos.flickr.com - Flickr provides a unique email upload address here - you can send your photographs to this email address as attachments and they'll show up in Flick Photo gallery almost instantly. The subject line of email becomes the photo's title while the body of the email becomes the photo's description.

8. e@xpenser.com - This is like filling data in a travel spreadsheet through email. You can use this address to gather and record your travel expenses while on the road. [xpenser review]

7. go@blogger.com - You can use this address to post pictures on any Blogger hosted blog. Any picture that you send to this email address will appear as a new blog post in your mobile blog. You can also use this service to post regular text entries to your Blogspot blog. In that case, the "Send to Blogger" email address is available under Blogger Dashboard.

6. upload@upload.slideshare.net - If you have (one or more) PowerPoint Presentations and PDF documents that you quickly want to share with friends, just email the files to Slideshare and they'll instantly turn them into a web slideshow.  [Slideshare upload options]

5. …@mms.youtube.com - YouTube member can create an MMS profile here - if you have a video clip on your mobile phone or comptuer but no access to YouTube website, you can easily upload that video file to YouTube through that email address. [Details on Youtube Email upload]

4. pdf2txt@adobe.com - Send a PDF document to this email address as an attachment and it will come back as a plain text file. Handy when your don't have a PDF viewer to open the PDF document. Alternatively, you can send the PDF file to pdf2html@adobe.com for conversion to HTML format. [ Extract Text from PDF]

3. ..@prod.writely.com - Google Docs provides a unique email address here - you can upload your documents, spreadsheets and presentations to Google Docs through this address and read them on your mobile phone using the just launched Google Docs mobile at docs.google.com/m. [Google Docs Upload ]

2. …@rmilk.com - When you signup for Remember The Milk, you are assigned a unique email address. Emails sent to this special address are automatically converted into tasks and appear in your Inbox. Click on Settings -> Info -> Inbox Email Address. Very handy for keeping a track of your unfinished tasks and getting things done while on the move.

1. wsmith@wordsmith.org - Get the dictionary definition and synonyms of any word by sending a blank email to this email address. Make the subject line as: define myword

And now the most useful email address that will help you read webpages through email without requiring a web connection:

0. www@web2mail.com - Send an email with the URL of the web page in the Subject field (e.g. www.cnn.com) and you'll soon find a copy of that web page in your Inbox. A perfect option when there's no Internet access in the area or access is restricted (for instance, you want to read the BBC homepage in China).

Another similar service is www4mail@wm.ictp.trieste.it - it will also fetch websites for you through email though in this case, the site address should go in the body of the email message.

These web-to-email services will come extremely handy for receiving on-demand Stock quotes (for the current Google stock price, type finance.yahoo.com/q?s=GOOG), weather updates, currency exchange rates (for USD to INR, type finance.yahoo.com/q?s=USDINR=X) and more.

Related: Send Fax Over Email (no Fax Machine required)

Read More...... Read More...

This is my second article about how to modify your Gnome Linux Desktop to look like OSX desktop. My first article is one year old and since that, there has been many changes in both, my knowledge and availability of the software and themes. This article is not written in such a detail than the first one. Remember that you can always take a look at the old article too. And I have also written Orange-look guide for Ubuntu which contains some good tips. This article answers better to question WHAT than HOW. What do I need if I want to imitate OSX? And not so much "how can I change my wallpaper" stuff.

Original design of the user interface that is
imitated here was created by Apple inc.

you can discuss about this article and OSX-modifying in general at Ubuntuforums in this thread. There is also a discusson thread in Finnish. I decided to write another guide, because my first guide became surprisingly popular. There are about 1000 unique visitors per day on my site and 26000 unique users per month. That is a lot more than I suspected and ever hoped. Thank you all!

Why I wrote this article?


Ok, there are almost always misunderstandings when people modify their OS to look some other OS. This is NOT about "I want a mac" or "I want OSX". If I would want a mac, I would go and buy one of those. No, this is simply about having fun by imitating and finding the limits of Gnome desktop. I often read that Gnome is considered very plain and not very configurable. I can't agree with that. Gnome is usable and simple, but yet very powerfull and it is possible to modify Gnome into anything you want. Now, I challenge KDE and OSX users to do the same. Can you make your KDE to look OSX as well as Gnome can imitate it? Or can you change your OSX to look Gnome, KDE or Windows? I doubt it, but I love to be proved wrong! Just to be clear, I don't want that OSX-look would be the default look of the Gnome. Gnome is beautiful with Tango icons and it should continue to follow it's own clean and usable style. I'm glad I made that clear. Now, let's begin...

Desktop Effects


OSX has some nice desktop effects like expose and magic lamp. Those not only make your desktop look good, but also improve usability. Of course, not all effets are good for usability and that's why Linux gives you a choice of which effects to use. Recently Compiz and Beryl were merged back to one project that is called Compiz Fusion. Compiz Fusion is a program that creates those amazing effects.

This image has been resized. Click this bar to view the full image. The original image is sized 550x309.

Screenshot illustrating "magic lamp" effect when window is minimized to the dock.


I won't discuss installing and configuring Compiz Fusion in this article for two reasons. First, there are dozens of HOWTO-guides, which tell you how to do that. Second, it depends a lot of which graphics card you have, which distro you use etc. So, I recommend that you take a look of OpenCompositing forums for more information.
Basic elements of the OSX desktop


OSX has a desktop with icons as almost all desktop environments has. What gives OSX it's unique look is a dock that works as application launcher and taskmanager at the same time. Another element is an application menubar that is located on the top of the screen. This bar displays current application's menu and some system tray icons, clock etc. This differs from all the other desktop environments as fas as I know.

Emulating OSX Dock

This image has been resized. Click this bar to view the full image. The original image is sized 511x63.

Screenshot of Avant-window-navigator emulating OSX-dock.
There are many open source projects that aims to offer OSX-dock style dock for Linux desktop. There are KXDocker, Avant-window-navigator, kiba-dock and Gnome-dock (which is actually a techology demo). My favourites are Neil J. Patel's Avant-window-navigator and Gnome-dock that was written by MacSlow. In the screenshot above you can see Avant-window-navigator that is my current choice. It can be easily modified to look like OSX-dock and it works as application laucher AND taskbar. There are also nice plugins for it that allows applications to change icon on dock. This allows Gaim to use status icons on bar and Rhythmbox to display alubm art as icon.
Screenshot of Avant-window-navigator emulating OSX-dock.


Emulating OSX menubar
OSX has only one menubar on the screen at the time. This menubar is displayed at the top of the screen with clock and system tray icons. Gnome doesn't have this kind of bar at default, but it is possible to make one. What you need is gnome-panel that is 24 pixels high. Use OSX-like background image for your panel. You can download it below. Just select the one that is correct to your resolution. If there is not version available for your resolution, it's not difficult to create one with GIMP.

This image has been resized. Click this bar to view the full image. The original image is sized 511x32.

Screenshot of Gnome-panel that is modified to look like OSX menubar

• Background for 800x600
• Background for 1024x768
• Background for 1280x1024
• Background for 1366x768
• Background for 1440x900

Now that we have a panel with nice and shiny look, it's time to add some gnome-applets to it. To imitate OSX I recommend you to use clock applet, notification-area applet, deskbar-applet, macmenu-applet and some menu-applet to add that apple logo. Deskbar is a user interface for Tracker and Beagle that you can use for desktop search. Macmenu-applet is the trickiest one here. Gnome doesn't support this kind of behaviour for default so you'll need to patch GTK-librarys with some code that AqD provided to the community. You can read more about macmenu-applet and patches at Ubuntuforums. System tray icons are based on the current icon theme. So the correct way to change them is to change the icon-theme.
There is deb-packages for Ubuntu Feisty users available at Ubuntuforums. Just see this post. There is a download link and installation instructions. These packages improve AqD's patches even more. For example, underscores '_' are removed from menuitems.

Boot screen


I couldn't find a decent OSX-look-a-like bootpslash theme for Linux. So again, I did it myself. This is the great thing with the Linux. You can always do things by your self if it's not provided already. I created an usplash theme that tries to imitate OSX boot screen. There is one difference though. In real OSX boot screen there is a nice round animation and in my theme there is a progress bar. Maybe in the future I'll learn how to make that animation to Linux boot screen. I think that it's possible to do it with usplash. I'm not a usplash theme guru yet, so this theme is not perfect. Especially it doesn't support widescreen resolutions. If you have 4:3 resolution monitor then everything is ok. If you have widescreen resolution then there will be black bars on both sides of the bootimage. If you know how to fix this, please contact me. Below is a screenshot of my current usplash theme, which you can download from here.

Screenshot of my usplash theme. This image is lacking the progress bar.

Wallpaper and desktop icons


Wallpaper isn't really a part of OSX, because everyone can change that. It still creates a nice illusion if you use the wallpaper that is used to see on other OS. That's why, if you want real OSX-look then you should also use OSX-wallpaper. Get the wallpaper from here. Well, I don't have much to say about desktop icons. There are only few and there is nothing special about them. Just create desktop icons as you have used to.

This image has been resized. Click this bar to view the full image. The original image is sized 550x309.

Screenshot of clean Gnome desktop that is modified to look like OSX.

Fonts


OSX uses Lucida Grande font. You can download this and other mac fonts from here. Below is a screenshot of my font settings. I also recommend you to add this fonts.conf file under your home directory. Rename file to .fonts.conf.It improves font rendering after X has been restarted.

This image has been resized. Click this bar to view the full image. The original image is sized 550x425.

My font settings on Gnome.

Login screen


Gnome uses GDM as a graphical login screen. There are many nice OSX-looking themes available, but none of them was good enough for me. So I took the best one and modified it a little bit. Only a little, but it's all about details. You can download GDM-theme from here. It's not perfect, but I really don't care. It's about 5 seconds on my screen and that's it. This theme is based on AppleLinux theme.

This image has been resized. Click this bar to view the full image. The original image is sized 518x297.

Screenshot of GDM-theme.
System themes


I didn't find GTK-theme that would imitate OSX as well as GTK allows. That's why I decided to create my own theme that I based on Glossy P theme, which was a good starting point. I used some of the graphics directly from Glossy P and some I did by myself. It's not a prefect copy of OSX, because there are some limitations in GTK that I can't get around. You can download my GTK-theme from here. At the moment I use Beryl compositing and it's emerald window manager. There is a great OSX Tiger theme for emerald which you can download from here.

Application specific themes


Unfortunately, not all GTK-applications uses icon-theme icons. For example Gaim, Terminal Server Client and Liferea has their own icons, which cannot be affected by changing the global icon-theme. Also Firefox and Thunderbird has themes that are out of the scope of global Gnome themeing. I don't have time and energy to write guide to all of those programs, but you should read my two previous articles, which discuss this in more detail. Here I will just offer few links and that's it.

• iFox theme for Firefox
• Apple Mail theme for Thunderbird
• OSX-theme for Gconf-editor
• OSX-theme for Liferea RSS-reader

Icons


Icons are essetial part of the desktop design. OSX has nice glossy icons and Gnome has... well... gnome has icons. I'm glad to see that Gnome started to use Tango style icons which is a huge improvment, but those doesn't really fit to OSX look that we are trying to imitate here. I have created a nice and full covering icon-theme for Gnome that uses real OSX icons and other cool icons made by talented people. Only the problem is, that I don't have copyrights and I'm uncertain can I release them here without gettig problems to myself. I advice you to create your own theme by collecting OSX-style icons from the internet. There are plenty of icons available for example at DeviantArt.

This image has been resized. Click this bar to view the full image. The original image is sized 514x428.

Polishing user interface


It's all about details. Espesially when you are trying to imitate something or someone. So here are some final tips that I recommend you to do. First remove that gnome-splash screen. There is no use for that and it's not very elegant. Below is a screenshot where "Show splash screen on login" is unchecked. Do the same. Notice that in latest Gnome this has to be done with gconf-editor since it's not an option in session window anymore. Another thing that I did is that I removed icons from menus. This gives a cleaner look, but it also might make your desktop less usable. At least in Gimp those icons are very handy. Anyway, here is a screenshot of my menu & toolbar settings.
All in all, keep things simple! Do not add dozens of icons to your desktop.

Read More...... Read More...

http://www.windowz.ru/index.php?newsid=1146255787
download Live CD for Wireless hacking (635 mb - .iso)

http://www.megaupload.com/?d=O8UR88GP
http://www.megaupload.com/?d=CVOVMKVR
http://www.megaupload.com/?d=8F52U078
http://www.megaupload.com/?d=R458UL5W
http://www.megaupload.com/?d=KVW2RIRF
http://www.megaupload.com/?d=L9TQ0HU1
http://www.megaupload.com/?d=3OTZP2NO

Read More...... Read More...

Sebelum bisa masuk ke "rumah" orang pertama sekali kita harus tau dulu SSID dia. Gmn cara mengetahui SSID nya?.. Mungkin ada banyak cara, tapi ada 2 yang sering orang gunakan:
1. Menggunakan Netstumbler. (Ms Windows)
2. Menggunakan Kismet. (Linux)

Ketika kita menggunakan software tersebut, tentunya kita akan melihat beberapa SSID, yang tentunya ditangkap oleh perangkat wifi kita. Nah disitu kita bisa melihat SSID nya ter protect atau tidak. sistem proteksi di bagi 2: WEP dan WPA (anda bisa googling untuk pengertiannya).

Gmn cara masuk access point hotspot (WiFi) yang diprotek sama admin?
Untuk sistem proteksi WEP, yang pertama sekali anda lakukan adalah melakukan dumping packet data. di ms windows anda bisa menggunakan airodump.exe. software ini hanya mengenal chipset Hermes/Realtek dan Aironet/Atheros (http://atheros-chipset.blogspot.com/) .. Aduh chipset orinoco masuk ke chipset mana yah

nah perangkat anda bukan chipset tersebut, mending di buang aja  karena ga bakalan di baca  .. (cari alternatif s/w lain yang bisa ke detect)
Card yang udah saya coba:
1. senao pcmcia ( ga mau tuh )
2. avaya pcmcia ( mau ne )
3. usb-wifi linksys tipenya ga tau ( ga mau juga )

dumping ... usahakan dumping packetnya yang banyak, biar nantinya mudah di crack gtu  (mending tidur dulu .. golek sini golek sana)

ok klo udah, buka wincrack-ng
nah terus crack tuh SSID yang mau di tembusin tadi..
maaf.. tulisan ini tidak terlalu lengkap,. jika ingin lengkap bisa googling aja .. dari artikel bergambar sampe video ada tuh

Read More...... Read More...

BSD - Airtools -- http://www.dachb0den.com/projects/bsd-airtools.html
NetStumbler --
http://www.netstumbler.com/
Kismet -- http://www.kismetwireless.net/
Fake AP --
http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
Wellenreiter --
http://www.remote-exploit.org
AirSnort -- http://airsnort.shmoo.com/
WaveStumbler --
http://www.cqure.net/tools08.html
Airosniff --
http://www.wildpackets.com/products/airopeek
AiroPeek --
http://www.wildpackets.com/products/airopeek
StumbVerter -- http://www.sonar-security.com
AP
Scanner -- http://homepage.mac.com/typexi/Personal1.html
WEPkrack --
http://wepkrack.sourceforge.net/
Prism2 -- http://hostap.epitest.fi/
Mini Stumbler --
http://www.netstumbler.org/download.php?op=getit&lid=21
SSIDsniff --
http://www.bastard.net/~kos/wifi/
MacStumbler -- http://homepage.mac.com/macstumbler/
WaveMon --
http://www.jm-music.de/projects.html
PrismStumbler --
http://prismstumbler.sourceforge.net/
AirTraf -- http://airtraf.sourceforge.net/
MogNet --
http://chocobospore.org/mognet/
AirMagnet -- http://www.airmagnet.com/products.htm
Isomair --
http://www.isomair.com/products.html
Air-Jack -- http://802.11ninja.net/
AirDefense --
http://www.airdefense.net/products/index.shtm
WiFiScanner --
http://sourceforge.net/projects/wifiscanner/

http://www.tech-faq.com/wi-fi-software-tools.shtml

http://wardrivingonline.com/downloads/wardriving.htm#Windows
http://www.tuto-fr.com/en/tutorial/tut
orial-krack-wep-airkrack.php
http://www.airkrack-ng.org/doku.php?id=tutorial
http://rapidshare.com
/files/28386387/AiroPeek.rar
http://rapidshare.com/files/28384499/airsnort.rar
http://rapidshare.c
om/files/28384120/airkrack.rar
http://rapidshare.com/files/24033888/WiFi_WEP_Key_Finder.rar

Read More...... Read More...

Berikut adalah beberapa list gratis dari internet.

SDF (freeshell.org) - http://sdf.lonestar.org

GREX (cyberspace.org) - http://www.grex.org

NYX - http://www.nxy.net

ShellYeah - http://www.shellyeah.org

HOBBITON.org - http://www.hobbiton.org

FreeShells - http://www.freeshells.net

DucTape - http://www.ductape.net

Free.Net.Pl (Polish server) - http://www.free.net.pl

XOX.pl (Polish server) - http://www.xox.pl

IProtection - http://www.iprotection.com

CORONUS - http://www.coronus.com

ODD.org - http://www.odd.org

MARMOSET - http://www.marmoset.net

flame.org - http://www.flame.org

freeshells - http://freeshells.net.pk

LinuxShell - http://www.linuxshell.org

takiweb - http://www.takiweb.com

FreePort - http://freeport.xenos.net

BSDSHELL - http://free.bsdshell.net

ROOTshell.be - http://www.rootshell.be

shellasylum.com - http://www.shellasylum.com

Daforest - http://www.daforest.org

FreedomShell.com - http://www.freedomshell.com

LuxAdmin - http://www.luxadmin.org

shellweb - http://shellweb.net

blekko - http://blekko.net

atau bisa juga cari di www.google.com dengan keyword : Free Shell

Read More...... Read More...

Title : Hacker ? Its not about black or white
Author : y3dips
Language : Indonesian
Publisher : Jasakom.com
ISBN : 978-979-1090-07-0
Harga : Rp. 40.000,-
CD : Tidak
eLearning : Tidak
Index : Ya
Halaman : 138
Level : Menengah
Release : 22 Agustus 2007

Spoiler : Arik adalah seorang anak SMU dengan kemampuan hacking yang
tinggi. Dengan kemampuannya, Arik mendapatkan banyak sekali pengalaman
yang menarik seperti berkenalan dengan wanita yang disukainya setelah
melalui proses hacking terhadap handphone-nya terlebih dahulu,
melakukan hacking terhadap komputer bandara, menjadi panitia kontes
hacking, sampai pengalamannya yang secara tidak sengaja telah membantu
penjahat melakukan hacking terhadap perusahaan online yang menyebabkan
mereka menjadi bangkrut.

Penjelasan berbagai aksi hacking yang dibungkus dengan cerita novel
menjadikan buku ini sangat santai dan menyenangkan untuk diikuti. Buku
ini merupakan buku pertama dan satu-satunya saat ini di Indonesia yang
menggabungkan novel dengan ilmu pengetahuan komputer yang selalu
dibahas dengan cara yang serius.

Buku ini merupakan buku fiksi yang digabungkan dengan ilmu komputer.
Ceritanya palsu namun teknik yang digunakan 100% asli dan bisa
diterapkan dalam dunia nyata !


Info lebih lanjut :
http://y3d1ps.blogspot.com/2007/08/book-hackers-its-not-about-black-or.html

Read More...... Read More...

By Peachpit Press.
Published by Peachpit Press.
Series: Apple Training.

ISBN-10: 0-321-27848-8;
ISBN-13: 978-0-321-27848-7;
Published: Jul 26, 2004;
Copyright 2005;
Dimensions 7-3/8 X 9-1/8;
Pages: 528;
Edition: 1st.

Description:
The only Apple-certified book on Mac OS X, this comprehensive reference takes support technicians and ardent Macusers deep inside their operating systems, covering everything from networking technologies to system administration, customizing the operating system, command-line programming, and more. Keyed to the learning objectives of the Apple Helpdesk Specialist certification exam, the lessons in this self-paced volume serve as a perfect supplement to Apple's own training class and a first-rate primer for computer support personnel who need to troubleshoot and optimize Mac OS X as part of their jobs. Self-quizzes and chapter tests reinforce the knowledge gained along the way.

Code:

http://rapidshare.com/files/45086064/ATS.rar

Read More...... Read More...

1. Thou shalt not log in as root.
   Use "sudo" or "su -" for administrative tasks.
2. Thou shalt use the package manager when possible.
   Sometimes installing from source code can't be avoided, but when you use your distro's package manager to install software, you can also use it to update and remove it. This is one of the main strengths of Linux.
3. Thou shalt be a part of the community.
   Freely give what you have received for free. Offer help and advice whenever you can.
4. Thou shalt read documentation and man pages.
   Always read the documentation. The people who wrote the software tried to anticipate your questions, and provided answers before you asked.
5. Thou shalt use the available support system.
   Switching to Linux can be tough. It can be frustrating, but there are a lot of people out there who want to help you. Let them.
6. Thou shalt search.
   In most cases, your question or problem has already been addressed. Try to find the answers that are already out there before asking someone to provide a new one.
   
7. Thou shalt explore.
   Linux opens a whole new world of options and possibilities. Try everything you can.
8. Thou shalt use the command line.
   Especially when it comes to configuration, use the GUI tools to get your system working, but get to know the command line versions as well. In many cases, the command line is the only way to use some of the more advanced features.
9. Thou shalt not try to recreate Windows.
   Linux is not meant to be a clone of Windows. It's different. Embrace and appreciate the differences.
   
10. Thou shalt not give up.
    I tried several distributions before I found one I liked. I still try other distros from time to time. I also tried several different programs to serve one purpose before settling on what I use now (amarok, xmms, beep, exaile for music - azureus, ktorrent, deluge for bittorrents). If you don't like the defaults, remember that you can change almost everything to suit you.

Can you think of any rules to live by to pass on to the new Linux users reading this? Put them in the comments!

Read More...... Read More...