Saturday, August 30, 2008

Guns N' Roses Chinese Democracy Album Released?

I used to be a huge Guns N' Roses fan beginning with their first album, not just hooked on the "national anthemish" Sweet Child of Mine.

With the recent news about the drug-related problems of their former drummer Steve Adler, there's news about the illegal online streaming of their new album titled Chinese Democracy.

It's been more than 10 years since this album needed to be released. I wonder what the band will sound like. Would it be like "Appetite for Destruction" or like their last album, sounding more like pop rubbish?

One of the songs in the album is already publicly available. I suspect an enterprising guy, similar to the blogger Kevin Cogill who was recently arrested for illegal streaming of the songs on his website, will quickly rip the album songs to free mp3.

MS Outlook Attachment Received as Winmail.Dat by Thunderbird

For months, I've been receiving attachments encoded with TNEF from friends using Microsoft Outlook, received by my Thunderbird email client as Winmail.Dat attachments.

I simply ignored the emails until the other day, when another peer complained to me about the problem; this time, I had to look for ways to decode the attachment, for it was an urgent request.

Further research and trials led to four different solutions:

1. Configure MS Outlook to send emails either as HTML or plain text. The latter is recommended for security.

2. Use the freeware Winmail.dat reader from www.kopf.com.br/winmail/

3. In Thunderbird, use the add-on LookOut to automatically decipher TNEF-encoded attachments. I don't know of any solution if you're using Lotus Notes except #2.

4. Screw MS Outlook completely. MS Outlook and Internet Explorer are two of the worst security nightmares on the Windows platform.

The fourth one is highly recommended. You hit two birds with one stone :P

Thursday, August 28, 2008

ATM Cards as Loan Collateral at Pawnshops

There's a prevailing practice these days at pawnshops and even loan sharks where they accept ATM cards, debit cards that is, as collateral for loans they offer to people, mostly pensioners and low-income groups tagged by credit card companies as high risk.

Most clients are people with no credit cards, those receiving monthly pensions, or simply low-salaried employees who want to avail of the credit facilities.

The scheme is simple: the lender gets the borrower's ATM card and PIN, yes the PIN, so that he can withdraw the funds from the ATM to amortize the loan.

What are the implications of this practice? Is it illegal?

First, the ATM card, technically, is the property of the issuing bank; you can't pawn something that's not yours.

Second, it's a violation of the cardholder's agreement with the issuing bank to not disclose the PIN to anyone under any circumstances.

Third, any fraud claims by the cardholder will be dismissed due to negligence, since there is also a clause in the bank's ATM card application form stating that the cardholder "shall in all circumstances assume full responsibility for all transactions processed by the use of the Card whether or not processed with the Depositor's knowledge or by his authority." (Source: Metrobank ET ATM card application form).

The risks involved need to be viewed from the side of both the borrower (cardholder) and the lender (pawnshop or loan shark/5-6 scheme).

Disclosure of the PIN to others opens the borrower's account to fraud from insiders of the lenders, who can withdraw funds unknown to the lender.

Possession of the ATM card and PIN is a potential magnet for ATM card cloning. This is prevalent in Europe with credit card cloning syndicates, which use the cloned cards to withdraw funds in Eastern Europe and Asia, where the EMV standard (chip cards) is not yet implemented and magnetic stripe is still in use, with the transaction routed via VISA or Mastercard cash advances or the Plus, Cirrus and Maestro networks.

Some online banking facilities require only knowledge of the card number and PIN to make transactions. Very dangerous to those "trusted" people of the lenders.

A borrower, after getting his loan, can go to the bank to report a lost card or request a PIN change, thereby leaving the lender with a non-working ATM card, now tagged as a hot card by the issuing bank.

Lazy cardholders don't change their PIN at all, despite all the efforts of banks advising the practice. What happens once the card is back with them after full payment of the loan?

With the use of Internet Banking, mobile banking (via cellphones), cardholders can access their accounts without their ATM cards, thereby defrauding the lender.

Disclosing the PIN to lenders is the most convenient for both borrower and lender, but also the most insecure. (Security is inversely proportional to convenience, remember?) Proponents of the scheme blame credit card companies and not themselves for not practicing money smarts; IMHO, they should regularly read Ms. Salve Duplito's for practical tips on this.

I've yet to encounter horror stories of the scenarios I described above but I know, in due time, I will. And you have to put all the blame on the cardholder.

Calling BSP, who regulates the pawnshop industry, please do something about it!


Tuesday, August 26, 2008

Windows Live OneCare JS/Obfuscator.C Warning

I got a complaint from a colleague of mine who, while browsing a certain website, got a Windows Live OneCare pop-up warning of a certain dangerous tool, JS/Obfuscator.C.

I checked out the website and just concluded that the alarm is a false positive. Windows Live OneCare warned about the Obfuscator when the tool's really used to obfuscate the URL of the page to an unintelligible form, quite effective for low-life script kiddies but not for the true h4ck3rs.

My tip: screw Windows Live OneCare! Microsoft should focus more on improving the security of their products before making and selling products to improve the inherent insecurity of their own product. Such a silly situation indeed.

Manny Pacquiao vs Oscar dela Hoya?

C'mon, a megabuck fight between Olympic gold medalist Oscar dela Hoya, the best pound-for-pound boxer ten years ago, and the current best pound-for-pound toast of the boxing world would be an exciting match should it really push through.

It will also be a very dangerous fight for Manny Pacquiao, 4 inches smaller and with significant height and reach disadvantage, according to the tale of the tape.

Details, as much as I can gather:
Date: Dec 6, 2008
Venue: MGM Grand
Weight: 147 pounds (Welterweight)
Gloves: 8 pounds
Money involved: about $100,000,000.00 (lots of zeroes, eh?)

Oscar dela Hoya is an aging fighter about to retire, said to be slow these days, but his jab and right cross are very dangerous should they hit the mark.

I'll be looking for ways to watch the online streaming video of this blockbuster come fight night!


Friday, August 22, 2008

How to Scan for Yahoo Messenger

Part of my regular job is to scan the internal network for rogue software installations and unauthorized software. I fiddled again with Nmap to scan for Yahoo Messenger in my home network and this is a snapshot of my findings:

Snapshot of the Nmap scan for TCP 5101:


Interesting ports on 10.252.236.117:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0B:CD:A2:10:24 (Compaq (HP))

Interesting ports on 10.252.236.122:
PORT STATE SERVICE
5101/tcp open admdog
MAC Address: 00:1B:38:9E:D9:3E (Compal Information (kunshan) CO.)

Interesting ports on 10.252.236.126:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0F:20:24:28:30 (Hewlett Packard)

Note that I found one YM install, the one with admdog open on TCP 5101.
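
An added example, not part of the original post: a small Python parser for the scan text above that groups hosts by the state Nmap reported for TCP 5101. The name admdog is only what Nmap's services table assigns to that port number, so an open result is a lead to confirm on the host itself, and filtered means the probe was blocked, not that the software is absent. The function names are illustrative.

```python
import re

# Scan text copied from the snapshot in this post (old-style Nmap output).
SAMPLE = """\
Interesting ports on 10.252.236.117:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0B:CD:A2:10:24 (Compaq (HP))

Interesting ports on 10.252.236.122:
PORT STATE SERVICE
5101/tcp open admdog
MAC Address: 00:1B:38:9E:D9:3E (Compal Information (kunshan) CO.)

Interesting ports on 10.252.236.126:
PORT STATE SERVICE
5101/tcp filtered admdog
MAC Address: 00:0F:20:24:28:30 (Hewlett Packard)
"""

# The host line is either "... on 10.0.0.1:" or "... on name (10.0.0.1):".
HOST_RE = re.compile(r"^Interesting ports on (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?:")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")


def parse_scan(text):
    """Turn the per-host blocks into a list of dicts, one per scanned host."""
    hosts, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = {"ip": m.group(1), "ports": {}, "mac": None, "vendor": None}
            hosts.append(current)
            continue
        if current is None:
            continue  # ignore anything before the first host block
        m = PORT_RE.match(line)
        if m:
            current["ports"][(int(m.group(1)), m.group(2))] = m.group(3)
            continue
        m = MAC_RE.match(line)
        if m:
            current["mac"], current["vendor"] = m.group(1), m.group(2)
    return hosts


def triage(hosts, port=5101, proto="tcp"):
    """Group hosts by the state Nmap reported for one port."""
    by_state = {}
    for host in hosts:
        state = host["ports"].get((port, proto))
        if state is not None:
            entry = (host["ip"], host["mac"], host["vendor"])
            by_state.setdefault(state, []).append(entry)
    return by_state


if __name__ == "__main__":
    for state, found in triage(parse_scan(SAMPLE)).items():
        print(state, found)
```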

Yahoo Messenger is unwelcome in a corporate environment. It's a big security hole, I tell you. Ban it if you will. Installing anything on office PCs needs official approval from Information Security, and the installation is to be performed by IT staff.

Time to draft a letter of reprimand to the concerned staff!

Wednesday, August 20, 2008

Nehalem Core i7 Intel Chip Catching Up with AMD Opteron's Speed?

At the recent Intel Developers Forum in San Francisco, Intel announced that Nehalem, now officially called the Core i7 chip, has both high performance and energy efficiency.

A news report by BBC has the following claims:

"With Nehalem Intel has combined memory and processing functions into a single chip instead of using two. On the most powerful Core i7 processors this will result in as many as eight processing cores co-existing on a single chip.

Intel claims the innovations on the family of products will offer three times the memory bandwidth of the previous generation of chips and twice the performance of 3-D animation."

Seems Intel, the leading chip manufacturer, is playing catch-up with AMD's Opteron in terms of speed while improving power performance. Their new chip will be powering PCs and servers in years to come and can contain up to eight cores in one chip.

Monday, August 18, 2008

WeRoam SmartBro Problem: Network or DNS?

I'm receiving queries from my friends using SmartBro Wireless Internet as well as Smart WeRoam, all pointing to not being able to browse various websites. Since I no longer know anyone working at Smart (except high-level ones but in different departments), I can only offer a technical explanation insiders can't or won't disclose.

There's a report that using a proxy, instead of direct Internet connection fixes the problem. It means there really is a network problem of Smart, probably routing or DNS.

I suggest using a different DNS for your connections by using OpenDNS, procedure here. If it works, there's a DNS problem and Smart's DNS servers also could have been hacked or poisoned.

This has been going on for days/weeks now and the only real solution for you is to shop around for another Internet provider. Service that sucks is not worth your money!

Friday, August 15, 2008

How Location Finder Services Work using Cellphones

Long before Smart announced its Location Finder service and Globe's myGlobe Tracker, I have been aware of the GSM system's capability to pinpoint the general location of a cellphone by just knowing its telephone number.

I once had a real need for the "service" when, through friends working inside the two telcos, I was able to trace the location of a fraudster hiding somewhere in Legazpi City, Albay in the Bicol region when I got hold of the miscreant's mobile phone number used in his scams. (Using other tools, I was able to actually trace his location, flew to Legazpi City and nailed the bad guy.)

Do you know how to trace location? It's actually just querying the GSM system for the current cell site to which the phone number being traced is connected. It will not give you the exact location, a capability reserved to GPS (global positioning system), particularly the military band with pinpoint accuracy, but the general area (town, barangay, city) and sometimes the building, if a micro cell site is inside the building where the tracked mobile phone is located.

This is similar to the Internet's use of IP addresses to track a location, but whereas IP address location (technically called IP geolocation) is publicly available on the Internet, particularly from the three registries, here the locations of the cell sites are known by the telco/mobile phone providers.

More on GSM "secrets" next time...

Notes:

The system can't track a cellphone turned off or one that's located in an out of coverage area.

This capability can be abused by insiders with the privilege to query the system for locating any phone number, but only in their own network, since the systems of Globe, Smart and Sun Cellular are not interconnected for this capability.

To activate the myGlobe tracker service, just text TRACK to 2877 and follow the instructions. For Gizmo subscribers, text GIZMO to 2877 to activate.

Please visit official Globe and Smart websites for charges and fees associated with the service.

Tuesday, August 12, 2008

Cheap MacBook Black in the Philippines?

I'm excited about this since I already passed the request to replace this aging notebook of mine, a Compaq nx9040, 3.5 years old already and with slight LCD damage, with an Apple MacBook Black.

It's not yet final but I'm keeping my fingers crossed that my superiors will approve my request for the Apple cool stuff instead of just another Windows laptop. I wrote a formal request with my justifications including being able to use security and auditing tools available only in Mac OS X environment or those that run natively there plus the ability to test web applications if they can run flawlessly under the Mac OS particularly in using Apple's proprietary Safari browser.

I asked around for possible suppliers of cheap MacBooks with upgraded specifications, if there's such a word, and the least expensive quote I got was PhP73k including the Mini-DVI to VGA adapter to enable me to use a multimedia projector for presentations.

Hope my request gets approved soon and a shiny new MacBook delivered to me...otherwise the new laptop would just be another Windoze clone :(

Insolvent G7 Bank of Naga City Closed by BSP

Two weeks ago I received a call from a bank executive inquiring if I was the one who asked her about a certain G7 bank closed by BSP. I replied no and just informed her that I already knew about the closure of the Naga City-based bank by the Bangko Sentral ng Pilipinas.

It's fortunate that the Philippine Daily Inquirer also reported about the closure due to the bank's financial woes that "lacked assets to service liabilities."

Note that all deposits are insured by PDIC up to P250,000.00, so there's nothing to worry about if your deposit falls under the insured amount. For amounts beyond the insured amount, you need to wait to see if you can still claim part of it once assets are disposed of.

Monday, August 11, 2008

Internet Banking, IDS/IPS and Application Security

I received highly reliable reports that two large Philippine banks' online banking systems were compromised. A third bank's website got vandalized. I can't divulge the names of the banks but I'm just worried about it. With one of them I have a pending application for a card, which I'm thinking of just not pushing through with.

One of the banks, I know, has expensive and sophisticated Intrusion Prevention Systems (IPS) in place, since I personally know their Information Security Officer and IS Auditors. But their "pride" took a beating at this latest problem of theirs.

I would like to point out that no amount of obscurity, firewalls and IPS/IDS can ever compensate for a poorly designed online banking application.

Web application security is still not a hot topic here, for a simple SQL injection attack can access confidential information there.

Wednesday, August 06, 2008

Chinabank High Interest Deposit Certificate Offering

Two weeks ago, I received a text message from a Chinabank insider informing me of a special product offering with much higher interest rates than their regular time deposits.

The message said "Good day, chinabank will be launching a new product called the Long-term Negotiable Certificates of Deposit (LTNCD). Minimum amount is P50t. PDIC insured. Term is 5 years. NO withholding tax. Indicative rate projected at 8% to 8.5%..an account opening fee (1 time charge) at P75 per cert will be charged and account maintenance fee of 0.025% per annum based on face value whichever is higher deducted from the gross interest due on the LTNCD on interest dates. Quarterly interest payment...offering period starts on July 28 to August 8, 2008. Please reply ASAP if interested cause it is 1st come 1st served..."

I replied immediately upon receipt of the message to express my intention to invest part of my savings. But as fate would have it, I forgot my passbook the following Monday and decided to bring it the following day. The morrow, I was able to bring my passbook but totally forgot about going to the bank when my friend from Chinabank dropped by the office and asked me if I was able to open an account to which I replied no. She just told me that it's already closed the day before due to the high turnout and already reached P5B.

Oh well, the planned early morning trip to the bank didn't materialize and thus missed an excellent investment opportunity.

Better luck and be ready next time, Paetechie!

Tuesday, August 05, 2008

Executive Privilege, Supreme Court and MILF MOA on Ancestral Domain

Here we go again, after that "error" of the Supreme Court effectively letting Neri walk away with potentially damaging disclosure regarding his conversations with PGMA about the NBN-ZTE scandal, the iron lady again is using the same executive privilege tack, not against the Senate, her traditional enemy, but against the Supreme Court, regarding the constitutionality of the proposed Memorandum of Agreement (MOA) between the Government of the Republic of the Philippines (GRP) and the Moro Islamic Liberation Front, a Muslim rebel group in Mindanao whose end is independence.

According to news reports, GRP is considering creation of the so-called Bangsamoro Juridical Entity (BJE), larger than the present ARMM, with the inclusion of villages that also infringe on the ancestral domain of lumads of Mindanao, particularly the Subanons of Zamboanga peninsula.

The Philippine Daily Inquirer report stated "the government said while negotiations with the MILF did not involve any foreign power, there were military and national concerns raised." and that "the Philippine government and the BJE are to exercise “shared authority and responsibility” over the Bangsamoro homeland."

Let's wait and see how this will transpire. I just wish the justices who voted in favor of executive privilege realize the mistake they made and make corrections as early as possible.

Executive privilege should not be upheld when the interests of the people are at stake. It cannot be invoked just to cover up crimes committed by the president.

I am for peace, for a lasting one, but compromising other things to attain the objectives is not negotiable. The MILF has an ultimate end of secession and eventual independence. Should the MOA be implemented, only time will tell if the fears of many are true.

Saturday, August 02, 2008

How-to: View, Edit EXIF Data EXIF Editor

I've been asked many times how to view EXIF data in Windows XP as well as edit the data, for no obvious reason except when you're just going to brag if you have the latest camera, or possibly to hide the camera you're using and delete incriminating details of the date the photo was taken.

To view EXIF data, right-click a file in Windows Explorer, select Properties on the menu, click the Summary tab, then Advanced to display EXIF data with photographic details.

I use IrfanView with the plugin to view EXIF data.

Editing EXIF data is tricky; it requires third-party software like Opanda PowerExif to edit data, but it doesn't come free (price: $49.99).

There's also ExifPilot and ExifEditor.

For occasional use, the cheap trick is to use a hex editor (many free hex editors are available), where you can edit the fields you want before saving to another file (don't overwrite the original file, to be sure).

For my demo, I used HexEdit for its simplicity, requiring no installation, just a small executable file.

To completely remove EXIF data in a picture, you may use EXIF Stripper (available here) to hide settings and save on file storage space, though minimal as claimed.

Tip: For anonymous bloggers, I recommend stripping pictures of EXIF data before posting in your blog. You can be traced by the camera model you have and date/time stamp on it if you're living in a small town.