Apple’s easy to hack after all?

Apple apparently left off tools that are available in the GNU compiler collection to protect against exactly this sort of attack. Dai Zovi even says that the current version of OS X is easier to hack than XP. Ouch.

Does this mean that Mac’s are less secure than PC’s? Not really, since they’re still such a small percentage of the market that they’re not under heavy attack by malware. Even though the capability exists to take advantage of this vulnverability, the return on time and effort is still a lot better on the Windows side for malware writers. Of course, someone could always decide that Macs are an underutilized target for malware and create something interesting.

Tracking the source of DOS attack with Cisco IOS

Problem: Enterprise is under Denial Of Service Attack that brings down key elements of the business or the whole network at all.
To track the attacker is the first step in handling the attack and unless the flood is coming from inside (most probably not in a well managed LAN) you will need help of your Service Provider to find out the origin. Unfortunately Service Provider’s (SP) backbone is not well suited for such forensics, as its business role is
to provide uninterrupted connectivity to ALL the clients , not only you, so SP will not enable ACLs/ip accounting/Netflow on their backbone to identify where the attack is coming from . And if source Ip of the attack is spoofed you can’t do much .

For such cases Cisco came with the nice feature called
ip source tracking that will gather flow statistics for specific destination
IPs (of victim) and periodically will export them for viewing, and will do all this without overloading the backbone router it is enabled on (Of course relevant if your SP is using Cisco gear) . Here are details:

– Enable it globally for the victim IP , here IP being attacked is 63.45.33.22

Edge(config)#ip source-track 63.45.33.22

- If you want (and if this is being done by SP they will not) you may create log entries:
Edge1(config)#ip source-track syslog-interval 2
Then you will see in logs (good for reminding to disable this afterwards) :
May 28 10:55:47.105: %DOS_TRACK-5-CFG: IP Source Tracker configured for 1 hosts

- Also you may define how often to export gathered info to be viewed (seems to depend on the platform ) :

Edge(config)#ip source-track export-interval 60

- And finally , you see the data accumulated so far :

Edge#sh ip source-track
Address SrcIF Bytes Pkts Bytes/s Pkts/s
63.45.33.22 Fa0/0 141G 485M 8244 141

Most important here will be the Source interface (in this router there is only 1 ingress interface , in real backbone you will have few feeds) where you see most of the incoming traffic for this destination IP. Then you (SP) would go to the upstream router connected to this local interface, enable the same source tracking and so on. Up to the last point in the backbone where the attacking traffic enters
the backbone of SP out of some upstream SP . Then SP would have option to contact the abuse of this upstream provider for them to investigate the issue further, or at least divert the attack to the black hole at the entry point, so end client would not be affected at all.

Ten tweaks that will improve Nokia N95 battery life by 328%

here is no way getting around the fact battery life on the Nokia N95 is less than great. Almost every N95 review addresses this issue in one way or the other. Opinions seem to range from infuriated "Nokia should provide a more powerful battery for this type of device" to apologetic "a communication and multi media power house is bound to run its battery dry in no time".

Whatever the case may be, there are things that can be done to improve upon the «default» N95 battery life time. Improvements come from tweaking a few, selected settings from their default values.

I have divided this authoritative N95 battery tweaking guide into two parts: first I will show you a few basic battery friendly optimizations and habits that can be employed by everyone. Next, I provide a few advanced tweaks that on the one hand might not fit everybody, on the other hand result in the most significant improvements.

Right, let's get cracking!

Basic Optimizations

• Update phone firmware - new firmware might include improvements to battery management.
• Bluetooth - keep it off unless needed. Put bluetooth management on «active standby» screen for easy access («Tools» | «Settings» | «General» | «Personalisation» | «Standby mode» | «Active standby apps..»).
• Brightness timeout …not more than 10 seconds («Tools» | «Settings» | «General» | «Personalisation» | «Display» | «Light time-out»).
• Screen brightness - turn it down a notch or two («Tools» | «Settings» | «General» | «Personalisation» | «Display» | «Light sensor»).
• Lower the standby timeout - mine's set to 1 minute («Tools» | «Settings» | «General» | «Personalisation» | «Display» | «Power saver time-out»).
• Camera - do not walk around with "live" viewfinder¹.

Rocket Science Tweaks

• WLAN scanning - turn it off…scan manually, or turn scanning on when needed («Tools» | «Settings» | «Connection» | «Wireless LAN» | «Scan for networks»).
• 3G - turn it off - especially in areas with poor coverage, where the N95 otherwise will spend stupefying amounts of power searching for networks («Tools» | «Settings» | «Phone» | «Network» | Set «Network mode» to «GSM»).
• WLAN transmit power (TX power level) - turn it down to, say, 4 mW. («Tools» | «Settings» | «Connection» | «Wireless LAN» | «Options» | «Advanced settings» - say YES to the prompt - scroll down to TX power level choose options/change/ and select 4 mW.).
• 10th tweak - it simply amounts to switching the phone into »offline« mode at night. In the »offline« mode, the cellular network connectivity is off (but WLAN and Bluetooth are still available) and the rationale is that since you do not make calls while you are sleeping, you might as well let the battery get some rest too.

Enjoy … and by the way, I have no idea if employing these tweaks will actually lead to a 328% improvement, but it is a nice figure, don't you think?

GPRS, WAP and MMS Settings for Mobitel

Jun 15th, 2009

by Gayan.

Yesterday I found out that Mobitel (Sri Lanka) don’t have their GPRS/MMS settings online like Dialog GSM. Even Google couldn’t find them for me! After a little bit of searching online, I finally gave in and called Mobitel’s customer support. After listening to a few songs and a recording that kept reminding that the call was valuable to them and will be attended to soon, I was finally able to get the settings from them. So to save you the pain here they are:

GPRS Settings:
Access Point: ISP

WAP Settings
- Data bearer: Packet data
- Access point name: isp
- Authentication: Normal
- Homepage: http://wap.mobitel.lk
- Network type : IPv4
- Phone ip address : Atomatic
- Proxy serv. address : 192.168.050.163
- Proxy port number : 0

MMS Settings
- Connection name – MobitelMMS
- Data bearer – Packet data
- Access point name – wapmms
- Authentication – Normal
- Homepage – http://192.168.50.165
- Network type : IPv4
- Phone ip address : Atomatic
- Name server : Atomatic
- Proxy serv. address : 192.168.050.163
- Proxy port number : 8080

Now that Mobitel is supporting 3.5G HSPA technology I’m sure they would add this information to their website soon.

Tracing an e-mail

Let's discuss, how to trace an email sender from the email header.

Viewing Email Header

Every e-mail comes with information attached to it that tells the recipient of its history. This information called a header. The below is the Full header of email .All this information comes with the email. The header contains the information essential to tracing an e-mail. The main components to look for in the header are the lines beginning with "From:" and "Received:" However, it might be instructive to look at what various different lines in the header mean.

Some e-mail programs, like Yahoo or Hotmail, have their full headers hidden by default In order to view the full header, you must specifically turn on that option. Some ways of doing this in different e-mail programs follow here:

Viewing full Header in Yahoo and Hotmail
Yahoo

Click Options -> Click Mail Preferences -> Click Show Headers -> Click "All" -> Click "Save"

Hotmail

Click Options -> Click Mail Display Headings (under "Additional Options") -> Click Message Headers -> Click "Full" ->Click "OK"

Viewing full Header in Email Clients like (Outlook and Eudora etc)
Outlook Express
If you use OE, you may not have much luck; it sometimes gives little more information than what you can see in the main window. But here's the application path anyway:

Click File/Properties/Details to find the header information.

Outlook
First, highlight the email in your Incoming window, right-click on it, and select Options. The window that comes up will have the headers at the bottom.

Eudora
Be sure the message is open, then Click the 'Blah, Blah, Blah' button from the Tool Bar, and the headers will appear.

Pegasus
Select Reader/Show All Headers/

Netscape Mail
Select Options/Headers/Show All Headers

Netscape Messenger 4.0 and 4.5
Select View/Headers/All

Full header in detail:

Message ID:

It is used to identify the system from which the the message has originated (I.e. from the system the sender has logged in). However, this is too easy to forge, and is consequently not reliable.

X-Headers:

X- headers are user defined headers. They are inserted by email client programs or applications that use email. Here from the X- headers inserted into the email by the email client it is clear that the sender has used Microsoft Outlook Express 6.00.2800.1106 to send this email.

X-Priority: 3

X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106

MIME-Version:

MIME stands for Multipurpose Internet Mail Extension. It tells the recipient what types of attachments are included in email. It is a format that allows people to send attachments that do not contain Standard English Words, but rather graphics, sounds, and e-mails written with other characters. The Mime-Version field merely confirms that the version of MIME used corresponds to the standard version (which is currently 1.0).

From:

Form is useless in tracing an e-mail. It consists of the email of the sender but this can be obviously be a fake. One can use any fake-mailer to fake the sender's name.

Content-Type:

This line tells the receiving e-mail client exactly what MIME type or types are included in the e-mail message. If the Content–Type is text/plain; charset="us-ascii" just tells us that the message contains a regular text message that uses English characters. ASCII is the American Standard Code for Information Interchange and is the system used to convert numbers to English characters.

Return-Path:

It is the address to which your return e-mail will be sent. Different e-mail programs use other variations of Return-Path:. These might include Return-Errors-To: or Reply-To etc.

Received:

This field is the key to find out the source of any e-mail. Like a regular letter, e-mails gets postmarked with information that tells where it has been. However, unlike a regular letter, an e-mail might get "postmarked" any number of times as it makes its way from its source through a number of mail transfer agents (MTAs). The MTAs are responsible for properly routing messages to their destination.

Let me strip-off the above email header to make the understanding easy. The header is splitted and the two received headers are given below.

Received Header 1:
204.127.198.35 - Tue, 25 Nov 2003 19:56:18 -0800
from rwcrmhc11.comcast.net ([204.127.198.35])
by mc7-f12.hotmail.com
with Microsoft SMTPSVC(5.0.2195.6713)

Received Header 2:
68.37.24.150 - Wed, 26 Nov 2003 03:44:57 +0000
from pavilion (pcp03530790pcs.mnhwkn01.nj.comcast.net[68.37.24.150])
by comcast.net (rwcrmhc11)
with SMTP
id <20031126034457013001nk6pe>

The MTAs are "stamped" on the e-mail's header so that the most recent MTA is listed on the top of the header and the first MTA through which the e-mail has passed in listed on the bottom of the header. In the above sample e-mail header, e-mail first passed through 68.37.24.150 (pcp03530790pcs.mnhwkn01.nj.comcast.net), and at last made its way through 204.127.198.35 (rwcrmhc11.comcast.net).

In the Received Header 2, the one marked as "pavilion" is either the domain name of the server from which the email has originated or the name of the computer from which the email has been sent. By doing a DNS query for "pavilion", it is confirmed that it is not a know host name hence, must be the name of the computer from which the mail has originated. "68.37.24.150" is the IP address from which the mail might have originated or it is the IP address of the ISP (Internet Service Provider) to which the user was logged on while sending the mail.

Trace who owns the IP address
Every computers hooked on to internet is assigned with an IP address. Individual users possess a dynamic IP address when they logged on to any ISP to access internet. These IP addresses are assigned by the ISP itself. Organization usually possess static/public IP address which is stored in a database of registries.

There are three major registries covering different parts of the world. They are

www.arin.net => American Registry of Internet Numbers (ARIN) : It assigns IP addresses for the Americas and for sub Saharan Africa.

www.apnic.net => Asia Pacific Network Information Centre (APNIC) : It covers Asia

www.ripe.net => Réseaux IP Européens (RIPE NCC) : It covers Europe

Thus, to find out which organization owns a particular IP address, you can make a "WHOIS" query in the database at any of these registries. You do this by typing the IP address into the "WHOIS" box that appears on each of these websites.

"Received Header" will have the IP address of the ISP in case the users has dialed up to the ISP while sending the email. But if the user has send the email from within the corporate then the corporate public/static IP address is logged.

By giving a "WHOIS" query for 68.37.24.150 at www.arin.net, the following result has been displayed:

Comcast Cable Communications, Inc. JUMPSTART-1 (NET-68-32-0-0-1)
68.32.0.0 - 68.63.255.255
Comcast Cable Communications, Inc. NJ-NORTH-14 (NET-68-37-16-0-1)
68.37.16.0 - 68.37.31.255

# ARIN WHOIS database, last updated 2004-02-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

From above queries it is found that the IP address (68.37.24.150) is owned "Comcast". By making further queries on "Comcast" it is found that it is the name of the ISP located in NJ, US - 08002. The result of further query is given below:

OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
Address: 3 Executive Campus
Address: 5th Floor
City: Cherry Hill
StateProv: NJ
PostalCode:08002
Country: US

NetRange: 68.32.0.0 - 68.63.255.255
CIDR: 68.32.0.0/11
NetName: JUMPSTART-1
NetHandle: NET-68-32-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.JDC01.PA.COMCAST.NET
NameServer: DNS02.JDC01.PA.COMCAST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-11-29
Updated: 2003-11-05

TechHandle: IC161-ARIN
TechName: Comcast Cable Communications Inc
TechPhone: +1-856-317-7200
TechEmail: cips_ip-registration@cable.comcast.com

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse@comcast.net

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: cips_ip-registration@cable.comcast.com

# ARIN WHOIS database, last updated 2004-02-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Now since the IP address found belongs to an ISP, it is clear that the sender has dialed up to this ISP while sending the email. For further enquiry we can then request the ISP to provide us with details of the user who has dialed up to them at that given point of time (Wed, 26 Nov 2003 03:44:57 +0000). If the ISP cooperates, they will check their user and message logs to see who was logged into that particular IP address at that time and date. This will reveals the sender's telephone number from which he/she has dialed to the ISP. Now once we have the telephone number we can easily retrieve the name and address of the sender.

Now the above case is solved but there are also other cases where the IP address found on the email header may be owned by an organisation or a cyber cafe.

Cases1: THE IP ADDRESS OWNED BY AN ORGANISATION

But in case the IP address found belongs to an organisation then you have to request them to provide information about the user who has send the mail from within the organisation network. They must have user and message logs on their firewall / proxy and can trace each of their computers connected at the given point of time. By supplying the organisation with the e-mail header of the offending e-mail, they can check these logs and hopefully produce information of the user of that machine.

Cases2: THE IP ADDRESS OWNED BY A CYBER-CAFE

In case it is found that the sender has sent the email from a cyber-cafe then it becomes a difficult task to trace him/her. The user may not be a frequent visitor to that cyber-cafe. But let's assume that you receive such mails frequently from that particular cyber-cafe then you can install "key-loggers" in the computers at the cafe. These programs records user's keystrokes, thus creating a record of everything that was typed at a particular terminal. By reviewing the key-logger logs you may be able to trace the sender in this case.

Note: These methods would aid greatly in identifying an e-mail sender, they also would impinge on the rights of others using the computers to conduct their personal business. Such a conflict defines the ongoing struggle between the fight against terrorism over the Internet and the right to privacy, which will continue to evolve in the years ahead.

enjoy..

How To Increase IE Download speed, IE download

If you have ever tried to download several things simultaneously through IE then you may have noticed that it doesn't work quite the way you may have hoped it to. This is because IE limits the amount of simultaneous downloads to two. This is done so that the perceived download progress appears to be tolerable. If you have a high speed connection then your browser should be able to handle a few more downloads. Here is 2 different steps I found to increase your number of connections. Have fun!

IE Download Limit
This is to increase the the number of max downloads to 10.
1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\m*cro$oft\Windows\Curre ntVersion\Internet Settings
3. On the Edit menu, click Add Value (a dword) , and then add the following registry values:
"MaxConnectionsPer1_0Server"=Dword:0000000a "MaxConnectionsPerServer"=Dword:0000000a
4. Quit Registry Editor.