Wednesday, December 31, 2008

Adding a SCSI Disk in Fedora Core 9 Linux

This is a short guide to putting a new SCSI disk into use on Linux. It is based on my own notes. Your comments and suggestions are welcome :)

After physically attaching the disk, as root, use fdisk -l to check if the physical disk can now be seen by Linux.

The first disk that I had originally is also a SCSI disk (thus its device name is /dev/sda and the second disk is sdb). We can see that Linux now sees the second SCSI disk at the device /dev/sdb. Linux's naming convention for SCSI devices is usually /dev/sd[a-p].

Now, after confirming the device name of the new disk (e.g. /dev/sdb), you may use fdisk to create a new partition or initialize the whole disk:

  1. As root, type fdisk /dev/sdb
  2. On the command prompt, enter ‘n’ without the quotes to add a new partition.
  3. Choose ‘p’ to create a primary partition
  4. Choose ‘1’ for the partition number
  5. Press enter twice to use the defaults for the cylinder sizes
  6. Type ‘w’ to write the changes to disk and exit
 

Now, after creating the partition, you need to specify the file system that the disk will be formatted with. In this case, I’ll be using EXT3.


  1. Type mkfs.ext3 /dev/sdb to start formatting the disk as EXT3
  2. When asked whether you want to format the whole disk, choose ‘y’
  3. When prompted for the total blocks of the journal, press enter to accept the defaults

After formatting the device, you need to create a mount point for it. Mount points are normal directories that users use to access the device. In this case, we will be creating a directory named disk2 under /opt/disks/

  1. Type mkdir -p /opt/disks/disk2

Now we need to add the mount point and information regarding the new disk into Linux’s fstab. fstab is a file that Linux uses to get information about the various filesystems.

  1. Add the line above at the end of the fstab file, /etc/fstab
  2. Reboot or mount /dev/sdb to be able to access the device
  3. Create directories on the mount point (/opt/disks/disk2/), accessible to non-root users, using the chown command to give them the ownership to the directories.
  4. You may want to create links for users to access these directories
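
The fstab line that step 1 refers to is not reproduced on this page. As an added example (not the author's original line), the script below builds one entry for the device, mount point and file system used in this guide and appends it only if neither is already listed. The `nodev,nosuid` options, the dump/pass values and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and append an fstab entry for the new disk.
# Device, mount point and file system follow the guide; the mount options,
# dump/pass values and function names are assumptions of this example.

# fstab_line DEVICE MOUNTPOINT FSTYPE [OPTIONS]
# Prints one fstab entry. nodev,nosuid keeps device nodes and setuid
# binaries on a user-writable data disk from being honoured.
fstab_line() {
    dev=$1; mnt=$2; fs=$3; opts=${4:-defaults,nodev,nosuid}
    case "$dev" in /dev/*) ;; *) echo "bad device: $dev" >&2; return 1 ;; esac
    case "$mnt" in /*) ;; *) echo "mount point must be absolute: $mnt" >&2; return 1 ;; esac
    # Fields: device, mount point, type, options, dump, fsck pass (2 = after root)
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$dev" "$mnt" "$fs" "$opts" 0 2
}

# add_fstab_entry FSTAB DEVICE MOUNTPOINT FSTYPE [OPTIONS]
# Appends the entry unless the device or mount point is already listed.
add_fstab_entry() {
    fstab=$1; shift
    line=$(fstab_line "$@") || return 1
    # Ignore comment lines; compare fields 1 and 2 with the new entry.
    if awk -v d="$1" -v m="$2" \
        '!/^[[:space:]]*#/ && ($1 == d || $2 == m) { found = 1 } END { exit !found }' \
        "$fstab"; then
        echo "already present in $fstab: $1 or $2" >&2
        return 2
    fi
    cp -p "$fstab" "$fstab.bak" || return 1   # keep a copy to roll back to
    printf '%s\n' "$line" >> "$fstab"
}

# Usage on the real system (as root); mounting by mount point tests the entry:
#   add_fstab_entry /etc/fstab /dev/sdb /opt/disks/disk2 ext3 && mount /opt/disks/disk2
```

Mounting by mount point right after the edit catches a malformed entry before the next reboot does.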

After these steps, the second SCSI disk should be accessible, and users will be able to create and access files on it. For further details on fstab and other useful information, please see the fstab man page.





Tuesday, November 25, 2008

Excel Ninjutsu: Highlighting similar items in 2 columns

I was investigating a case that required me to compare and analyze multiple hosts' requests to similar external sites. In this case, I already have the list of IP addresses. I just needed a way to compare the data. Here's a quick way to do this in Excel.

1. Copy the data to be compared in 2 columns
2. Click Format > Conditional Formatting
3. Choose "Formula is" in the drop down menu
4. Use the countif() function to search the items. $A:$B are the columns being compared. Change this, based on your need.

=COUNTIF($A:$B,B1)>1

5. Choose the format color > Click Ok

Similar items are now highlighted.

Monday, October 27, 2008

Using Google Alerts and Twitter as an Information Gathering/Mining tool

Google Alerts complement RSS for me. I like being able to get alerts for articles as they are posted online. Technically, you only get alerted if Google (GoogleBot) has already crawled the web page.

Sometimes it's quite cumbersome wading through the massive amount of data that RSS mines, and you might not get that much-needed information in real time.

It would be useful for:

- Stock market junkies and security enthusiasts: Getting the latest news on a company that you have positions in, or conducting information gathering tasks as part of a penetration test
- Sports fans: To get real-time results of the sporting events that they like
- Journalists: News updates in real time, a journalist's nirvana perhaps?
- Other: Sky's the limit

As a side note on the possibilities, here's a link to an article that reports the US Department of Homeland Security tagging Twitter as a "potential terrorist tool":

http://www.nationalterroraalert.com/updates/2008/10/26/twitter-terrorists-army-warns-of-terror-tweets-security-threat/

... well, there are tons of social networking sites on the net that can be used for information gathering and as a communication medium for both legal and illegal activities. There's nothing new about this.

Google Alerts:
"Google Alerts are emails automatically sent to you when there are new Google results for your search terms. We currently offer alerts with results from News, Web, Blogs, Video and Groups."

http://www.google.com/support/alerts/

Saturday, October 18, 2008

Knowing where and how your Gmail account was accessed

For people who would like to have a list of hosts and information on how their Gmail account was accessed (Web, IMAP, POP), Gmail has an activity information page that can be reached from the bottom of your Gmail mailbox. Clicking the "Details" link will lead you to a screen similar to the one below:




Aside from being paranoid enough to check this list from time to time, it is advisable to have a complex password, even for the free Internet accounts that you use.

It's also a good thing to change your passwords on a schedule. Applications such as Password Safe can be used to save the hassle of remembering all those complex passwords.

ChangeThis Newsletter

Just giving a shout-out to the folks at the ChangeThis Newsletter for the great content they constantly share with the community.

Even though they are tidbits or summaries of upcoming books or publications, the information they share is definitely invaluable.

They deliver content on a broad range of topics, ranging from Marketing, Technology, Management, Psychology and Society to just any idea that this group of authors has been working on.

Definitely great reads. Check them out at:

http://blog.changethis.com/changethis_newsletter/

Regarding ChangeThis:

"ChangeThis is creating a new kind of media. A form of media that uses existing tools (like PDFs, blogs and the web) to challenge the way ideas are created and spread. We're on a mission to spread important ideas and change minds."

Wednesday, October 1, 2008

IDA Pro 4.9 Free version

I recently got word of a free version of IDA Pro. Still playing with the features, and getting back my RCE-fu. Will post RCE articles if time permits.

http://www.hex-rays.com/idapro/idadownfreeware.htm

Wednesday, July 2, 2008

Encrypted Instant Messages using Pidgin

The Internet is a public network, and instant messaging is one of the insecure applications used to transmit data over it. As we all know, we send and receive messages as plain text. Good news for Pidgin users: using the Pidgin-encryption plug-in, we can now encrypt our messages using RSA (it supports up to 4096-bit keys). Please note that both the IM sender and the IM recipient must be running Pidgin and the plug-in.

Procedures to use the plugin:

1. Download the installer for your operating system at:
http://pidgin-encrypt.sourceforge.net/
2. After the download, close all Pidgin sessions.
3. Install the plug-in and reopen Pidgin.
4. Press Ctrl+U to open the plugins menu.
5. Ensure that the checkbox "Automatically encrypt if sent an encrypted message" is checked.
6. Open a chat session window to your message recipient. On the upper portion of the chat window, you should be able to see a greyed-out padlock icon. Clicking on this icon will send your public key to the message recipient, and vice versa.
7. At this point, the padlock icons in both the sender's and the recipient's message windows should be colored green. Messages are now encrypted.

Here is a raw network capture from Wireshark (user1 and user2 are the example sender and recipient):

YMSG.............^.;5..user1..4..user2..252..Z/YAXR/gsD81TK//5AKdAQDlhLP/tA==..97..1..14..*** Encrypted :: Key: Prot NSS 1.0: Len 249:f/4NLoFOLHIPWvvhaZJjo9Ec5+kgGm8w,MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9JZlcgp8bW2THtnYFVAMzLThbRn53aYPoOJx+gcs+D1AsnO+s+hezzIqToMGjpm+kDitcuX6oHa/vB8dWR3YUWYXaqjqAAgIFuXan6QEMQdxl2S4f4Le9xmjxQM0pW5Ly5MB7eZjW0GEuywvFR6ZhJGX9JY+b4+Pg7GtE/Y6HsQIDAQAB..63..;0..64..0..

Thursday, May 15, 2008

Tenable changes Nessus feed subscription packages

The change in the subscription can be a cause of uncertainty or doubt for corporate users.

However, looking on the bright side, it might be beneficial to the community, as users who are not on the professional feed may need to create their own plugins.

This news might bring a good change to the security community.

Interview with Ron Gula, CEO of Tenable:

http://media.libsyn.com/media/mckeay/nsp-RonGula-NessusLicense.mp3

Saturday, April 12, 2008

Blackhat and Defcon videos for offline viewing

It may be financially and geographically impractical for some of us to attend the security conferences that we'd like to attend. Yes, it would be neat if we could all attend, but due to economic and work-related factors, we may not have the opportunity to do so.

It's a good thing that the good folks at easynews have compiled this for the rest of us to view. The site hosts recent events from Blackhat, Defcon and other security conferences. The top domain also has mirrors of notable sites :)

Check the link out.

ftp://mirrors.easynews.com/blackhat&defcon/