Monday, December 29, 2008

More GSoC 2008 press coverage

Date: 29th December 2008
The New Straits Times : Tech & U
Local coders graduate from Google stint

Date: 8th December 2008
Oriental Daily : Education(Page 4-5)



Friday, December 26, 2008

Buffalo Linkstation

I've had a home media centre setup with the PS3 and TwonkyVision before. The problem is that there is a discrete bug with the ipw2200 wireless driver which caused my Belkin N1 to heat up a lil. Imagine after a hard day's work banging the keyboard away just to get Twonky setup right on a Gentoo machine to watch that one episode of The Office US. With that, I sought after a Network-attached Storage or a NAS. Thanks to Zaid's recommendation, I went out to purchase a 1TB Buffalo Linkstation.

I was concerned about the built-in torrent client and Pvconnect Media Server. The torrent client's web interface is pretty fluid but since I'm with TM's Streamyx, Protocol Encryption is essential. So I've started borking away the NAS by firstly getting SSH in there. With ACP Commander, I was able to Telnet into this 400MHz ARM-9 based box to enable the sshd daemon. Surprisingly the apt-get binary file was "hidden" but regardless, it doesn't work. Tried compiling rtorrent but there was an ncurses library error. There are alternatives such as OpenLink and FreeLink but I didn't wanna go too far with it. With FreeLink, it's possible to get either rtorrent or Transmission on it which supports PE. Do drop me an email/comment if there are any suggestions to this stumbling block.

With that hanging in limbo, I started looking into Pvconnect. I had purchased TwonkyVision before and am happy with it. A quick port scan revealed that port 9050 led me to the configuration page of TwonkyVision. Hell yea!!! Screenshots as follows.


                                       Buffalo Linkstation Live 1TB


                                    SSHD


                                      TwonkyVision Configuration Page

2009

2009 is shaping up to be an awesome year. Got a few weeks off before heading back to Shell, in the midst of securing a sweet pad with the hookups, a Macbook Aluminum, 1TB Buffalo Linkstation along with other miscellaneous tech stuff.

Got the 2.4GHz model and upgraded it to 4GB of RAM since I'll be running VMs and the AppleCare Protection Plan. It made sense since I would be using it for a while. Been fiddling around with it and got Xcode installed to get it ready for some UmitBT work. In essence, it's a sleek machine with a badass Unix core to get my work done.


                                  Macbook Aluminum

Thursday, December 04, 2008

Google SoC media event

      The Hoffman Agency organized a media event on the 18th last month for the Malaysian Google Summer of Code students. Apart from me, there's Raj who worked for MySQL and Phua for freeCAD. It was great to have finally met them in person. The media event was held at Telawi Street Bistro, Bangsar. The members of press from Sin Chew, The Star and The New Straits Times were among the few who were there. The setup was awesome and the event went on swimmingly. Congrats to Raj and Phua on successfully completing their projects. Thanks to Jana and Rene for organizing a classy event.


                                 The interview


                                 Photo shoot 1


                                     Photo shoot 2


                    The Star Youth2 newspaper article
                    The complete press release from The Star Youth2


                      Sin Chew newspaper article


Friday, October 10, 2008

The economic state

With the global economic fiasco, it made me wonder what it would be like if this thin fabric of financial stability collapses. The Cubans have suffered an artificial Peak Oil which resulted in a total economic collapse. That made them shift towards a resource based economy which is inspiring. They worked closely with the environment and managed to be a self sustaining nation.

Taking two schools of thought with Milton Friedman's view on economic freedom, I am appalled with how the existing monetary system's backbone which is the US Federal Reserve grew into a general malaise. This isn't what Adam Smith advocated in The Wealth of Nations.

The Venus Project seems like a viable option but it does present various challenges to be accepted with society today. With its emphasis of a quantum technological leap, it also scrapes the notion of religion. Society has been interwoven with religion for centuries which has shaped mankind today.

I am optimistic as even with the economic decay brought by the perverse notion of scarcity which is apparent with the impending Peak Oil, society would shift into a different light as the current fallacies become obvious.

The GNU community is a great example of how a resource based economy would transpire. The Cathedral and the Bazaar is a great read on how the GNU community functions and pushes forward which is analogous to a bazaar.

Monday, October 06, 2008

iPhone

Been looking out for a SingTel set for over a month now. Got another unit for Yvonne. Her sole reason to get an iPhone as well is because of jiggling icons (I kid you not).
Worked my way to jailbreak the updated 2.1 firmware with Cydia. It was really sweet to get Nmap and Metasploit running on the iPhone. Had to resort to GMDL to pre-download Google Maps to be viewed offline since data plans here are stupid. A-GPS is alright. The MAME emulator is great. The Lightsaber App was such a blast. The accelerometer had a big part in that. With MS Exchange support, I got Accenture's email account configured on the iPhone. This will increase my mobility at work which is awesome.

                                       The boxes


                                       Terminal


                                       Nmap


                                       Metasploit



Tuesday, September 16, 2008

UmitBT 0.7 released

ChangeLog snapshot
Changes since 0.7RC2
  -Distinction made between Sony Ericsson,
   Sony Entertainment & Sony Corp
   (ex:the PS3 is distinguished and mapped accordingly)
  -New manufacturers added to the detection scheme
   *Blaupunkt
   *Cisco
   *Apple
   *Microsoft
   *Intel
   *DoCoMo
   *Samsung
   *Google

For more information, check out the UmitBT project page

Note: The Windows installer will be updated to 0.7 shortly.

Monday, September 01, 2008

UmitBT 0.7RC2 released


                The video above shows UmitBT0.7RC2 in action.

    UmitBT is a unique Bluetooth device scanner. With UmitBT, not only are you able to probe for Bluetooth enabled devices and perform Service Discovery scans but also map them out graphically based on their manufacturer.

For more information, check out the UmitBT project page

Sunday, August 10, 2008

UmitBT 0.7RC1


                The video above shows UmitBT0.7RC1 in action.

UmitBT is a GUI based Bluetooth device scanner which does manufacturer detection. With UmitBT, not only are you able to probe for Bluetooth enabled devices, but also perform Service Discovery scans and identify the device based on the manufacturer of the device. The devices are then mapped out graphically based on the device's manufacturer. UmitBT is a branch of Umit and a product of GSoC 2008.

To obtain the svn branch of UmitBT(currently at 0.7RC1):
svn co http://svn.umitproject.org/svnroot/umit/branch/UmitBT/ UmitBT

UmitBT0.7RC1 for Windows
UmitBT0.7RC1 bzip2 source distribution

Thursday, June 05, 2008

Google SoC perks

A few days back right after Google Summer of Code 2008 officially kicked off, I received my corporate charge card from Google and a "mystery" book. All I can say about the book is that it blew me away. Gave me a whole new perspective on code design. It was a breeze to get the charge card activated (thanks Leslie, it sure beats last year's payout scheme). Referred to the private mailing list and there were a number of methods used to get the cash out but unfortunately this varies depending on your geographic location. The idea of associating the charge card with PayPal is used by many but unfortunately the only bank in Malaysia which allows cash withdrawal from a PayPal account is Al-Rajhi bank which gives a really crappy exchange rate and a hefty service charge. I found out that contrary to popular belief, using your credit card to withdraw cash from an ATM isn't such a bad idea since MasterCard uses current market exchange rates. There is a service charge of about 2.5% when you charge it directly to the card but only a 1% charge of the amount withdrawn if done at an ATM (CIMB ATMs accept MasterCard). It works out to be cheaper with the latter because I would end up paying only RM90 (15 x 6 withdrawals) of service charge as compared to charging it directly and paying RM217 service charge for a new Macbook Pro (MB134ZP/A @ RM8,699).


                       The Google corporate charge card

Dirty hack to boost cell phone reception



Took a look at my aging Motorola V3i and realized that there is a rubber lid on the back of the phone which I found odd. After checking it out on Google, I found out that most phones have it and when removed, it is a point for an external antenna. I embarked on creating a makeshift external cell antenna for next to nothing. It would come in handy when needed.

Items needed:
1) Insulated wire
2) Wire Cutters
3) Ruler
4) Skewer


1. Cut out 20cm of wire
2. Measure out 5cm of wire and bend it to a 90 degree angle
3. From the bending point, wrap 5 times on the skewer
4. Pull the wire out
5. Measure and bend 2cm from the end
6. Remove the insulation
7. Your makeshift cell antenna is ready
8. Remove the rubber lid
9. Insert the end of the makeshift antenna to the antenna jack
10. Antenna mounted
11. Signal before mounting the antenna
12. Signal boost after mounting the antenna

Wednesday, April 23, 2008

Google Summer of Code 2008



            It has been a year since I applied for Google Summer of Code 2007. So much has changed since then. I'd remember the application I sent last year. It was pure conceptual without any technical backing. Looking back at it does make me wonder the difference between now and then.

After being unsuccessful last year, Adriano was cool enough to give me pointers on areas where I should work on. I took the news positively and worked on those areas. After my internship in Sydney, I realized that one's geographical location doesn't confine you to abiding stereotypes. I am an individual. I was ecstatic when I first got the offer to perform my internship in Sydney furthermore as an acting Security Auditor/Consultant. I could say that I got a reality check on how things are done on a global scale. I was overwhelmed and lost my sense of direction. I even doubted myself of being not worthy of the position I held. I soon realized that there are always a million reasons to shy away from achieving something. With a positive attitude and willingness to work hard, I managed to pull off a security audit which gave Ronny (the sys admin) goosebumps and impressed the CEO. From being that timid Malaysian in his cubicle to presenting the security audit reports revealing the passwords (obfuscated of course) of over 500 employees around the globe and a myriad of vulnerabilities across its infrastructures. I am glad that I had the support of my uncle and my workmate, David who talked me through in my moments of doubt.

            I came back with a sense of optimism and determination to pursue Google Summer of Code 2008. I'd still remember the conversation I had with my fellow d3vscan team mates over breakfast, Zaid and Hazwan about the initial idea. I am glad to have fellow comrades who were willing to be by my side to pursue this idea. The prototype dubbed d3vscan is to be our final year project. Coming from where we are, having a final year project with an average of 80k page hits per month is an accomplishment. Not to mention it being recognized and even listed in Packetstorm. I couldn't have done it without them. I am humbled by their dedication towards the project. I have to admit, it is hard to come by talented individuals which I am fortunate to brush shoulders with.

The d3vscan prototype was included in the Umit ideas page for Google Summer of Code 2008. GSoC 2008 was approaching and I proposed the Bluetooth Scanner & Vulnerabilities Database System which is related to d3vscan. During the selection process, besides writing a Gentoo ebuild, I managed to translate Umit into several languages. I would like to thank Haoyu Bai, Ahmed Al-Ansi and my girlfriend for chipping in to help me out with the translations. I have to admit I was nervous when the results were to be announced on the 22. I was up that night talking to Francesco@nopper about the anticipation of the results. I got the email from Google at 4am.

Being passionate about an idea and willing to take chances/risks is key. Burning the midnight oil will be a norm. Sleep becomes a luxury. But as time passes, I realized that time management and discipline are things that would be learnt throughout one's life. An advice which I hold dearly from my friend, mentor and project manager of Umit, Adriano. I also feel blessed to have the support of my parents and my girlfriend, Yvonne.

Umit Project Blog
Umit GSoC Page

Friday, April 04, 2008

d3vscan Alpha 8[Windows] released.

Alpha 8[Windows] release highlights:

* Integrated Windows Installer
* Experimental Bluetooth Stack installer provided
* Vulnerability Scanner plugin (v0.6) integrated
* Several bugfixes



                                    d3vscan Windows Installer Screenshot 1


                                    d3vscan Windows Installer Screenshot 2

The Neural Network OS identification plugins would be included in the next Linux and Default Source release of d3vscan.

Friday, March 28, 2008

Updates on d3vscan Alpha 8 release.

    d3vscan Alpha 8 is now scheduled for release sometime next week. This is a major release with significant changes as follows:
1. The beta version of the Neural Network optimized OS detection plugin (non-Windows). Zaid has a blog post about his achievement here.
2. The beta version of OSVDB based vulnerability scanner plugin
3. A unified Windows installer for d3vscan. Installing d3vscan on Windows would merely be a few mouse clicks away. Ondrej played a big role in this.
4. A Gentoo ebuild for d3vscan will be on the portage tree by next week.
5. Several d3vscan bugfixes.

The d3vscan website has also been redesigned again. It has been stripped down and based solely on HTML. We are aware that the previous website loads really slowly and that was the primary issue we wanted to address. Not only that, the CMS used had an issue of formatting foreign code (Javascript) which caused amok with Google Adsense. I am looking into Drupal CMS for the long run and this website will do for now.


                                             New d3vscan website screenshot

Sunday, March 23, 2008

Video about Umit & Google Summer of Code

              This is a video explaining Google Summer of Code, how to participate with the Umit project and how to make a good proposal to increase your chances of being accepted this year.

Saturday, March 15, 2008

d3vscan Vulnerability Scanner plugin

      I've been working on the vulnerability scanner plugin for d3vscan utilizing the OSVDB database. With the correlation amongst the product_id, version_id and vendor_id, this correlation_id is then used to obtain the respective vulnerability. The issue thus far is that the correlation is made upon a larger subset when Nmap isn't able to populate the osmatch field. I have added checks on the generated osmatch but nonetheless, the accuracy depends on the OS identification. That is where I hope the work of Zaid and Hazwan for the improved Neural Network based OS identification comes in. Here are some screenshots:


                                 The Plugin Screen


                                 Vulnerability Scan Results in Scan View


                                  Vulnerability Scan Results in List View
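
The correlation lookup described in this post, and the way it widens when Nmap leaves osmatch empty, as an added example (not d3vscan's own code). The table layout, all names and all rows are a constructed, simplified stand-in and not the real OSVDB schema.

```python
import sqlite3

# Hypothetical, simplified layout: one correlation row ties a vendor,
# product and version together; vulnerabilities hang off correlation_id.
SCHEMA = """
CREATE TABLE vendor  (vendor_id  INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE version (version_id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE correlation (
    correlation_id INTEGER PRIMARY KEY,
    vendor_id  INTEGER REFERENCES vendor,
    product_id INTEGER REFERENCES product,
    version_id INTEGER REFERENCES version);
CREATE TABLE vulnerability (
    vuln_id INTEGER PRIMARY KEY,
    correlation_id INTEGER REFERENCES correlation,
    title TEXT);
"""


def build_sample_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO vendor VALUES (?, ?)",
                     [(1, "ExampleVendor"), (2, "OtherVendor")])
    conn.executemany("INSERT INTO product VALUES (?, ?)",
                     [(1, "ExampleOS"), (2, "ExampleRouterOS"), (3, "OtherOS")])
    conn.executemany("INSERT INTO version VALUES (?, ?)",
                     [(1, "1.0"), (2, "2.0")])
    conn.executemany("INSERT INTO correlation VALUES (?, ?, ?, ?)", [
        (10, 1, 1, 1),  # ExampleVendor / ExampleOS / 1.0
        (11, 1, 1, 2),  # ExampleVendor / ExampleOS / 2.0
        (12, 1, 2, 1),  # ExampleVendor / ExampleRouterOS / 1.0
        (13, 2, 3, 1),  # OtherVendor / OtherOS / 1.0
    ])
    conn.executemany("INSERT INTO vulnerability VALUES (?, ?, ?)", [
        (100, 10, "constructed: ExampleOS 1.0 issue A"),
        (101, 10, "constructed: ExampleOS 1.0 issue B"),
        (102, 11, "constructed: ExampleOS 2.0 issue C"),
        (103, 12, "constructed: ExampleRouterOS 1.0 issue D"),
        (104, 13, "constructed: OtherOS 1.0 issue E"),
    ])
    return conn


def candidate_vulns(conn, vendor, product=None, version=None):
    """Return (correlation_ids, titles) for the fields the OS fingerprint gave.

    Fields left as None (osmatch not populated) are not filtered on, so the
    lookup falls back to every correlation that shares the known fields.
    """
    where, params = ["v.name = ?"], [vendor]
    if product is not None:
        where.append("p.name = ?")
        params.append(product)
    if version is not None:
        where.append("ver.name = ?")
        params.append(version)
    # Only fixed SQL fragments are concatenated; values stay parameterized.
    rows = conn.execute(
        "SELECT c.correlation_id, vu.title FROM correlation c "
        "JOIN vendor v ON v.vendor_id = c.vendor_id "
        "JOIN product p ON p.product_id = c.product_id "
        "JOIN version ver ON ver.version_id = c.version_id "
        "JOIN vulnerability vu ON vu.correlation_id = c.correlation_id "
        "WHERE " + " AND ".join(where) + " ORDER BY vu.vuln_id",
        params).fetchall()
    return sorted({r[0] for r in rows}), [r[1] for r in rows]


if __name__ == "__main__":
    db = build_sample_db()
    # Full fingerprint: one correlation_id, only that version's entries.
    print(candidate_vulns(db, "ExampleVendor", "ExampleOS", "1.0"))
    # osmatch empty, vendor known only: three correlation_ids, more noise.
    print(candidate_vulns(db, "ExampleVendor"))
```

A result that spans more than one correlation_id is a list of candidates for several products or versions, which is why the accuracy of the scan follows the accuracy of the OS identification.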

Monday, March 10, 2008

d3vscan gets 10,000 hits per day!




    Fixed bugs such as modularizing SDP Browsing so that it doesn't freeze d3vscan when it's loading the *.ubt file and several Map View bugs for a closed Alpha 7.1 release. Checked out the statistics of the d3vscan site and found we've just hit 10,000 hits per day(on March 8th). d3vscan was also featured on the main page of Sourceforge.



                                   d3vscan featured on Sourceforge's Main Page

Friday, March 07, 2008

d3vscan Alpha 7 release.

With the release of Alpha 7, d3vscan has reached its functionality target. That being said, the next phase would be fine tuning, code cleanup & ironing out bugs. I have decided to drop the radial map in Map View for Bluetooth mode since msbt (Win XP) doesn't support RSSI scanning. I am also looking into the vulnerability scanner plug-in based on OSVDB. Do stick with the sqlite3 module (Python 2.5) if you need any database functionality with your Python applications. Pysqlite is relatively buggy. Zaid and Hazwan are still working on the OS identification optimization plug-ins. Their work is scheduled for the Alpha 8 release.

      I will be away next week and busy preparing for my Google SoC 2008 proposal under the Umit project for the weeks to come. I am excited about GSoC 2008 and Umit. The d3vscan prototyping experience will be invaluable when writing my GSoC proposal. I've been working hard for almost a year now plus this is my last shot at GSoC. The stakes are high. I am keeping my fingers crossed as things unfold.

d3vscan Alpha 7 release highlights:

-Bluetooth Map View
-Real-time SDP browse



                                   Bluetooth Map View


                                   Service Discovery Protocol Browse

Tuesday, February 26, 2008

d3vscan gets recognized

     d3vscan initially made some headway after being featured on the Umit Project Page (thanks Adriano). Upon being accepted into Freshmeat, Google searching d3vscan sure does yield some results. Even Packet Storm has featured d3vscan. I would like to thank everyone involved with the d3vscan project for getting us thus far. It feels awesome to get some recognition after working on this for months. I am aware that d3vscan is still in Alpha and there is so much work pending but this pat on the back is a morale booster for the team.

     Zaid will be working on the new d3vscan project website. The caching issue on sourceforge is messy (we tried mounting a /tmp/presistent/) for our CMS. We'll try to retain the similar design for the new website. We do apologize for the slow access time encountered by our users.


                                        d3vscan on Packet Storm


                                        d3vscan project page traffic

Sunday, February 24, 2008

Updates

Google SoC 2008 is nearing and Umit is once again participating as a mentoring organization. Ideas for this year include my Bluetooth scanning idea where d3vscan has already made some headway. Looking forward to this year's Google SoC. Flyers for the project would be out soon. Hopefully in time for LinuxSIG's Linux Fest this week. I am planning to conduct a class/classes with Zaid on Python, PyGTK and Silverlight (a simple game with Python & Silverlight) in conjunction with spreading the Umit message. Not forgetting the upcoming Mix event around mid-April which would be about Web technologies (.Net, Silverlight...) from Microsoft. Will be finalizing the details with Ryan by this week and interview sessions for committee members by the week after.

Alpha 6 features an experimental Network Mode Map view. Besides that, a number of threading bugs have been fixed.

Wednesday, February 20, 2008

Umit Light is now d3vscan

Umit Light is now d3vscan[period]. d3vscan Alpha 5.5 release includes the updated Bluetooth device manufacturer mapping.

Monday, February 18, 2008

Umit Light Alpha 5 release!

Alpha 5.0 release highlights

-List View for both Bluetooth and Network mode.
-Able to parse Nmap's *.xml with multiple IPs
-Bluetooth mode uses Umit Light's native UBP file format.
-Bluetooth device manufacturer detection

 With that, development would now head towards Map View with PyCairo. An experimental installer for Windows has been created. If there is anyone familiar with py2exe, do drop me an email. The experimental installer has issues with custom modules (spits out a ctypes error on main.pyc execution).

Screenshots:



Tuesday, February 05, 2008

Umit Light Alpha 3 release!

Alpha 3.0 release highlights

-Able to load and save scans.
    *Network mode uses Nmap's XML output.
    *Bluetooth mode uses Umit's UBP file format.
     (scheduled for Alpha 4.0)

-Preference and Plugin dialog added.
    *Ability to customize Nmap scan flags
    *Plugins framework.

Project development is on rolling out List View in both Network and Bluetooth mode (sched for an Alpha 4 release). The Bluetooth scanning and device detection would appear on Alpha 5. The Neural Network Optimization (non-Windows) Plugin progress status is on code development now (one notch up from research). You guys can check out Zaid's blog post about this from here.

Friday, January 25, 2008

War on Scientology

The attack on Scientology, which Anonymous has dubbed Project Chanology, started in recent days, set off by the Church's most recent attempt to censor the internet by forcing sites to remove a creepy Tom Cruise Scientology video. Youtube has complied and removed the video but nonetheless, the video can be downloaded from here.

Video Message to Scientology

Monday, January 21, 2008

PortBunny

Watched the video recording of Recurity Labs' presentation on PortBunny during the 24th CCC. I've been involved with Nmap for over 2 years and I have to admit that the presentation did push me to the edge of my seat initially. Their points are well constructed and the graphs did show a contrast of things. At the end of the presentation, I realized that they were emphasizing on the speed aspect whilst sidestepping the accuracy aspect which IS A BIG DEAL. Sure Nmap takes 12 minutes, 18 seconds whilst PortBunny took 15 seconds to scan. That is an average of 4,369 probes per second. Nmap can scan that fast too if you remove congestion control and toss out the idea of accuracy. Though I do agree that Nmap's timing-code algorithm, which is still based on TCP-RENO from the 80's, needs a long deserved overhaul.

Fyodor's response
PortBunny Project Page

"PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs sophisticated timing based on the use of so called "trigger"-packets. The port-scan is performed in 2 steps: First the scanner tries to find packets, to which the target responds ("triggers"). Second, the actual port-scan is performed. During the scan, the triggers, which were found in the first scanning-phase, are used to determine the optimal speed at which the target may be scanned."

Sunday, January 20, 2008

Wardriving )(

Went out Wardriving earlier with my girl. It was a Saturday night and we needed to get out. It was either this or smacking my head with either a stone or a chisel (kinda symbolic with respect to where we are). Got the car hooked up for the drive. The 9db antenna was mounted at the back. One thing I have to point out is that with a 500mW Alfa (RTL8187) wireless adapter, being in close proximity with the antenna can seriously mess you up (ex: headaches, nausea). Which is why the antenna is mounted outside. Got my power inverter powered on in case the battery gives up. Took a few snaps with my Nikon for shits and giggles. We didn't expect this municipality to have that many access points powered up on a Saturday night. We drove up to a few spots before ending the session. All in all, more than 60 access points were found which I found pretty darn impressive for an area where Google doesn't give a crap about to map out in Google Maps. What makes it scary besides the open access points found is that more than 40 of the access points detected are on 64-bit WEP keys.


Setting up the wireless adapter




Where the laptop would reside. Power Inverter located below the seat.




Backseat Layout (Didn't really use the Pringles Bluetooth Directional Cantenna)




My girl helping me out to monitor the results




Airodump-NG in action