Sunday, April 26, 2009

Weekends Trip

Last week I went to swim in Damai Lagoon, Kuching. Today and yesterday I went swimming in Bintulu, Similajau National Park. Both beaches are nice. The beach at Damai is clearer, with lots of people. I could see a school of sharks or maybe fish in the water. Not sure. I tried to swim closer but the fish were faster. :)

But in Similajau National Park, not many people were there. But there were jellyfish. I accidentally touched one while swimming. Luckily it did not sting me. Or maybe it was still a baby jellyfish. Smaller than the palm of my hand. The beach there is nice. Coarse sand with lots of seashells, though small...

How I wish I had an underwater camera...

Saturday, April 18, 2009

Distance of the Hearts

A saint asked his disciples, 'Why do we shout in anger? Why do people shout at each other when they are upset?'
Disciples thought for a while, one of them said, 'Because we lose our calm, we shout for that.'
'But, why to shout when the other person is just next to you?' asked the saint. 'Isn't it possible to speak to him or her with a soft voice? Why do you shout at a person when you're angry?'
Disciples gave some other answers but none satisfied the saint.

Finally he explained,
'When two people are angry at each other, their hearts distance a lot. To cover that distance they must shout to be able to hear each other. The angrier they are, the stronger they will have to shout to hear each other through that great distance.'
Then the saint asked, 'What happens when two people fall in love? They don't shout at each other but talk softly, why? Because their hearts are very close. The distance between them is very small...'
The saint continued, 'When they love each other even more, what happens? They do not speak, only whisper and they get even closer to each other in their love. Finally they even need not whisper, they only look at each other and that's all. That is how close two people are when they love each other.'

MORAL: When you argue do not let your hearts get distant, do not say words that distance each other more, else there will come a day when the distance is so great that you will not find the path to return.

Thursday, April 16, 2009

ATM is safe?

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches.


http://blog.wired.com/27bstroke6/2009/04/pins.html

Other kinds of attacks occur against PINs after they arrive at the card-issuing bank. Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

During that period, the data is briefly held in the system's memory in unencrypted form.

Sartin says some attackers have created malware that scrapes the memory to capture the data.

"Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability."

He says the stolen data is often stored in a file right on the hacked system.

"These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

Wednesday, April 15, 2009

Flood indicator

Almost a week since the high tide prevented me from using the Stabau road. Actually 6 days. I don't know whether the water will recede tomorrow. But I know that these 2 days, Sibu was flooded. Now it seems normal. Every month we will have a flood during the King Tide.

Don't know who is responsible for this flood, but for sure these floods are not normal. It only started this year, the earliest is late last year. Usually we would have a flood only during the Chinese New Year. But now we would face it monthly, during the King Tide. We would have to depend on the Sarawak Government Almanac to see which road can be used.

I have an indicator which tells me which road to use. It is by looking at a toilet at the Menyan bridge. If you can see the water, which is on the same level as the toilet, definitely do not use Stabau. Or even if the water is 2 feet below the toilet. I will take a photo of it when the water level is normal.

For those of you who don't know, the bridge that I have been using to take photos is a Bailey Bridge. Meaning it is an easy-to-build bridge because the original bridge had collapsed. Due to what??? I'll let you all speculate. The people here had been living without a proper bridge for 2 years. Here is a picture of it.

Sunday, April 12, 2009

Trojan/Worm


The latest variant of the Conficker worm finally shows its true face, and that is to make money. This variant E was first detected last week.

Variant E of the worm was the first to use the base of Conficker-infected computers for an ulterior purpose. It downloads and installs two additional payloads:[30]

* Waledac, a spambot otherwise known to propagate through e-mail attachments.[38] Waledac operates similarly to the 2008 Storm worm and is believed to be written by the same authors.[39][40]
* SpyProtect 2009, a scareware anti-virus product.





Taken from http://www.katu.com/news/tech/42811892.html
SAN FRANCISCO (AP) - The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

As many as 12 million computers have been infected by Conficker. Security firm Trend Micro says some of the machines have been updated over the past few days with fake antivirus software - the first attempt by Conficker's authors to profit from their massive "botnet."

Criminals use bogus security software to extort money. Victims are told their computers are infected, and can be fixed only by paying for a clean-up that never happens.

Conficker gets on computers through a hole Microsoft patched in October. PCs set up for automatic Windows updates should be clean.


Here are a few links about Conficker:
Microsoft
Conficker Working Group

Monday, April 06, 2009

Death...

Recently my friend passed away after suffering from cancer. At least she suffered for less than a month. Anyway, here is a story explaining what happens after death.



A sick man turned to his doctor as he was preparing to
leave the examination room and said,
'Doctor, I am afraid to die.
Tell me what lies on the other side.'
Very quietly, the doctor said, 'I don't know.'
'You don't know? You're a Christian man, and don't know what's on the other side?'
The doctor was holding the handle of the door;
on the other side came a sound of scratching and whining,
and as he opened the door, a dog sprang into the room
and leaped on him with an eager show of gladness.
Turning to the patient, the doctor said,
'Did you notice my dog?
He's never been in this room before.
He didn't know what was inside.
He knew nothing except that his master was here,
and when the door opened, he sprang in without fear.
I know little of what is on the other side of death,
but I do know one thing...
I know my Master is there and that is enough.'

Deleting jwgkvsq.vmx

Just found out that the Conficker worm creates an undeletable autorun.inf in the root of the USB drive.

When I tried to delete it, the msg appears as follows:

Error deleting file or folder.

Cannot delete autorun: Access is denied.

Make sure the disk is not full or write-protected
and that the file is not currently in use.


So what I did was to go to the properties of the autorun file.
Click on the Security tab.
Click on the advanced button.
Change the owner to my user. Or add the current user (in my case here, admin) to allow permissions for the full control of the file.

Before I changed it, the owner was the worm in the recycler folder.

After adding the owner and changing the permissions, I was able to delete the file.
Thank goodness....

Btw: remember my last post? about jwgkvsq.vmx? It is actually Conficker.
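The same ownership-and-permissions fix from the command line, as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on a Windows version that ships takeown.exe and icacls.exe; the function name Remove-LockedAutorun and the drive letter E: are placeholders.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Assumptions: takeown.exe and icacls.exe are present; Remove-LockedAutorun is a
# hypothetical name; 'E:' below is a placeholder drive letter.
function Remove-LockedAutorun {
    param([Parameter(Mandatory = $true)][string] $Drive)   # e.g. 'E:'

    $target = "$Drive\autorun.inf"
    if (-not (Test-Path -LiteralPath $target)) { return "No autorun.inf on $Drive" }

    # ACLs only exist on NTFS; on FAT32 there is no owner or permission to repair.
    $format = (New-Object System.IO.DriveInfo $Drive).DriveFormat
    if ($format -ne 'NTFS') { return "$Drive is $format; no ACL to repair" }

    # Note the current owner before changing it (useful for incident notes).
    try   { $oldOwner = (Get-Acl -LiteralPath $target -ErrorAction Stop).Owner }
    catch { $oldOwner = 'unreadable' }

    # Step 1: take ownership as the current user (the Owner tab in the GUI).
    takeown.exe /F $target | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

    # Step 2: grant the current user Full control (the Permissions tab in the GUI).
    $account = "${env:USERDOMAIN}\${env:USERNAME}"
    icacls.exe $target /grant "${account}:F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Step 3: delete; -Force is needed for hidden, system or read-only files.
    Remove-Item -LiteralPath $target -Force
    "Removed $target (previous owner: $oldOwner)"
}

Remove-LockedAutorun -Drive 'E:'
```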

Sunday, April 05, 2009

Disable USB Drive

Remember the previous post where my PC was infected by a virus/worm? It was Conficker!! Or the Downadup virus.. No wonder it was so difficult to remove. There are several variants...
And very virulent!!

How to test for it? Here is a simple test. Just go to this site: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You should be able to see the pictures below if you are not infected.
If not you better go to the site. The explanation is there.

Anyway, Microsoft is offering USD$ 250 000 for information that leads to the arrest of the writer of the worm.


Here is something I got from the net. Forgot where I got it. This is used to disable USB storage devices. There are a few tweaks to completely disable USB, but for me, storage devices are the main culprit for trojans and viruses to spread, so this is the way. Cos if you disable USB, devices such as keyboards, mice, etc. could not be used.

A more reasonable option for sysadmins is to disable write access to USB port so that data files cannot be written to the mass storage device. The USB thumb drive will be read-only.

Open the Windows Registry and open the following key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

Now add a new DWORD called WriteProtect and put the value as 0 to disable write privileges to the USB port. To reverse the step, either delete the WriteProtect REG_DWORD or toggle the value to 1 which will enable the port.

Remember that the above trick works only with Windows XP SP2.

If you like to go a step further and disable users from connecting USB storage devices to their computers, here's the trick:

Open registry and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Now in the right pane, double-click Start and type 4 in the Value data box (Hexadecimal) and quit the registry editor. To enable the USB storage devices, change the Start value back to 3.

As always - back your system up before messing around in the registry.

Just open regedit and browse to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Notice the value 'Start'

Switch this value to 4, and USB storage devices are disabled.

Switch this value to 3, and USB storage devices are enabled.

Hope this helps.
Oh ya..
These few tools are a must if you are infected. Or not.
One is the windows update.
Then conficker remover.
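The two registry settings from the USB steps above, scripted so the current state can be recorded before and after a change. This is an added example, not from the original post or its source; the function names are hypothetical and it needs an elevated PowerShell prompt. It treats WriteProtect the way Windows documents it: 1 makes USB mass storage read-only, 0 (or no value) leaves it writable.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Function names are hypothetical; key and value names are the ones given in the post.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'
$PolicyKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbStoragePolicy {
    # Read both values; a missing key or value comes back as $null.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    $wp    = (Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue).WriteProtect
    $driver = switch ($start) {
        3       { 'enabled' }
        4       { 'disabled' }
        default { "not set or unexpected ($start)" }
    }
    # Documented Windows behaviour: WriteProtect = 1 means read-only media.
    $media = if ($wp -eq 1) { 'read-only' } else { 'writable' }
    [pscustomobject]@{ UsbStorStart = $start; Driver = $driver; WriteProtect = $wp; Media = $media }
}

function Set-UsbStorageDriver {
    param([Parameter(Mandatory = $true)][ValidateSet('Enabled', 'Disabled')][string] $State)
    $value = if ($State -eq 'Disabled') { 4 } else { 3 }
    New-ItemProperty -Path $UsbStorKey -Name Start -PropertyType DWord -Value $value -Force | Out-Null
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory = $true)][bool] $ReadOnly)
    # The StorageDevicePolicies key may not exist yet, so create it first.
    if (-not (Test-Path -Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect -PropertyType DWord -Value ([int]$ReadOnly) -Force | Out-Null
}

# Audit only by default; uncomment one of the setters to apply a policy.
Get-UsbStoragePolicy
# Set-UsbWriteProtect -ReadOnly $true     # USB drives become read-only
# Set-UsbStorageDriver -State Disabled    # USB storage driver will not load
```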