JailBreakMe and vulnerability waiting to be exploited

iPhone users jailbroke their iPhones to circumvent any blocking by the original IOS firmware, and allow them to have more control over the phone, with regards to software installation and so on. I have a friend who jailbreak his phone, and it look tedious. I dont really know, because I dont have an iPhone.

Jailbreaking becomes much easier now. You just need to browse through the site, some clicks, and your iPhone were jailbroken. What jailbreakme.com did is kind of a drive-by exploitation, a technique malware writers used to infect with malware/virus, by exploiting vulnerability in the browser by viewing a PDF file. In this case, jailbreakme.com used the exploit code to exploit a vulnerability in PDF reader in iDevices, to jailbreak the device. @comex found the vulnerability, and use it in jailbreakme.com. And actually, at the time when this article was written, the PDF files can be found here. http://www.jailbreakme.com/saffron/_/

For whatever purpose you want to jailbreak your iPhone, I don’t care. But the issue arises as it is really EXPLOITING a vulnerability in your iPhone device. Practically, not just iPhone, but iPad and iPod. It means, your iDevice might still have this vulnerability which is exploitable. What does it mean by exploitable? It means someone can execute a malicious code, some people might understand as “hacking into” your iDevices, to do anything that they want, without your authorization.

Apple have announced that the patch will be available in the next update, which leave your iPhone hackable or exploitable in the mean time. Jailbroken iDevices by jailbreakme.com can download additional patch to patch the vulnerability, called PDF patch 2. But for virgin IDevice, you remains vulnerable until the next update.

The PDF file used by jailbreakme.com is available for public access, at http://www.jailbreakme.com/saffron/_/. There are rumors that someone have started writing malicious code to exploit this vulnerability, and it is on its way now.

I found a few articles which gives an insight on security in mobile devices, and currently pointing to the few who conquer the mobile device market share currently. Security Showdown: Android Vs. iOS and by ThreatPost, New iPhone Jailbreak Make Short Work of World’s ‘most secure’ OS

Additional note:
IOS Hardening Configuration Guide, by Australia Government, Department of Defense

Phishing email. Do you collect them?

Do you receive something like this? Check your spam folder, you might missed it, thanks to effective spam filter by your provider.

For simple analysis, you can try identify where it comes from. From the mail header, it will tell you which email server does it come from. In some cases, some email server will have the IP address of the user who sent the email as well. Go havva look, the picture below show you how to get the mail header in Gmail. For other main clients, you can refer to this site.
http://www.mycert.org.my/en/resources/email/email_header/main/detail/509/index.html

My computer is infected. So what?

I bet most of us still do not have the idea of rising internet threats nowadays. It seems irony, as everyone goes online and relying their business to the internet, they still tend to be the victim, and become part of the darkside of the internet without them knowing.

One scenario that we might think about, my computer have been infected with virus, but I still can send my email as usual. So, whats the deal? Well, there’s a lot more about the virus that you dont know. We’ll just discussed about 2 issues here, banking trojan like zeus, and also botnet.

Zeus trojan

Zeus trojan is a banking centric trojan, where it steals banking information by keylogging. There quite a number of infection nowadays, and thousands of variants. Zeus package were sold for anyone to run the botnet. The package comes with the virus builder, that were custom made for your configurations. So, your banking information might not be received by one person. Anyone could steal your banking information. The data will be submitted to Command and Control (CnC) server, specified by the creator.

Picture from http://www.secureworks.com/research/threats/zeus/?threat=zeus, showing what kind information being stealed
Continue reading

Protect your google account with account recovery option

I just bugged by google when they asked me to re-login again. But there’s a new notification about entering our mobile number, as another verification to claim our account.
Google Recovery Option

It is a good way to verify our account, and claiming your account if you happen to lost your account due password lost. It might be a concern about your personal data, personal information being held by google. But by using their service, we’re compromising our privacy to google already.

However, how did they verify that I entered my correct mobile number? No verification made for the phone number. Anyhow, its a good step to limit the incident related to account lost by google. Other services like facebook also did have some mechanism to mitigate the issues, like notifying you if someone else accessing your account from another location, which seems to be unlikely.

I’m glad to see such more internet services taking this issue seriously, and doing something about it. As they grow larger, they still seems to care for those small portion of their users, whose having this kind of problem.

Fine tuning apache and mysql for performance and security

I’ve gone through a process of migration of a server, with help with provided migration scripts, and some hard-coded scripts to help synchronizing latest data, and permission fixing. All done well, and working fine now. However, all installation of services were default, and did not optimized for our needs.

There are few aspect of tuning need to be done, relative to your resource, in terms of available memory, harddisk I/O, and some other considerations. Surely, you want the best performance, with high level of security. At some point, there are some aspect that you should be compromised to get the best in other aspect.

Apache

There a few configuration that would need a change, for example, HostnameLookups. By default it was turned On. While turned on, it will add a latency to the request to resolve the IP before the request were completed. You can disable it by replacing it with

HostnameLookups off

DirectoryIndex negotiation is an option for you to determine what file to be the default file to be loaded in any document root. Avoid using wildcards, and enter the options specifically in httpd.conf file, ordered by the priority
For example:

DirectoryIndex index.php index.htm index.html index.shtml index.phtml Default.htm Default.html

Apache 2.0 equipped with Multi-Processor Module (MPM) which will handle apache connections, handling requests, and forking child process for the requests. There are a few options to chose from, and the most common are worker and prefork. Each of them have their own advantages and disadvantages. Make sure you read through the documentation to understand each options, and how they would help you apache process/request handling.

In my case, I’m using prefork.
StartServers 15
<IfModule prefork.c>
MinSpareServers 10
MaxSpareServers 25
</IfModule>
MaxClients 255
MaxRequestsPerChild 10000

If you are using cPanel, you can edit this in WHM Control Panel -> Service Configuration -> Apache Configuration -> Global Configuration.

Continue reading

Rock climbing in KL, Gua Damai, Batu Caves

I happen to know this place when I first came to Kuala Lumpur, and it have been a common place for weekend activity for quite some time until now. It just lately, I could not spend more time. One of the best thing about the place is the people. Everyone were accommodating, and friendly, not forget to mention about the kids there.

Gua Damai located north side of Batu Caves, near Kampung Melayu Wira Damai. Coordinate: 3.2477904, 101.687463. Last few month, I have the chance to spend some evening there, at the place, and did some bouldering with the kids, and of course, cycling. 🙂 Here are some pictures

Continue reading

Beware of phishing site.

What is phishing anyway?
From Wikipedia, the word phishing means a criminally fraudulent process of attempting to acquire sensitive information from users such as username, password and credit card details by masquerading as a trustworthy entity in electronic communication. Wikipedia:Phishing

Nowadays, you must receive at least one phishing email, containing phishing URL, every time you open your email. Most probably, it will stuck in spam folder. Spam filters nowadays really did what it suppose to do, but not in all cases.

Continue reading

Tioman Island, Pahang.

Last April 2010, I went to Tioman Island with some of my friends from university and office. Its quite a short trip, we spend 1 night on the Island, and 2 night in car while driving. Its was quite a tiring trip, but really great. It cost us around RM 200 (without foods) for each of us.

We depart from Tanjung Gemuk jetty, at about 7am, the earliest ferry to go to the island. On top of the ferry ticket, there was also a marine park permit, that cost us RM7 each. From some articles I’ve read, they said that the ferry should stop at Tekek, then move towards south from it. If you plan to go north, you have to either walk, or rent a boat from Tekek. Our ferry that day start dropping passengers from south to north, starting from Kg Genting. BTW, Tekek is like the main town of Tioman. You will find the only ATM machine (BSN) and airport in Tekek.

desc
Continue reading

Kuala Gandah Elephant Sanctuary, Temerloh.

A friend of mine once mentioned about elephant sanctury in Temerloh, Pahang. Its not too far, and i figured this is the right time to go for it. The right time i mean at that particular time is already 3 month back. Now only I have the time to blog about it.

The place is quite remote, and you have to drive past villages, but its quite easy to find. Just exit at Lanchang, and just drive straight, until you can see signboard to the sanctuary. There are free tickets to be distributed, but they have color scheme for the tickets. The red ticket is for most people, and with this ticket, you can just see and say hi to the elephant. With green ticket, you can have a shower session with the elephant. But, this ticket is limited to 100 tickets issued per day. So, you have to be there as soon as possible before the tickets runs out.


Continue reading