Nowadays, you must receive at least one phishing email, containing phishing URL, every time you open your email. Most probably, it will stuck in spam folder. Spam filters nowadays really did what it suppose to do, but not in all cases.


How to identify phishing email? How to make sure you’re safe from phishing?
You cannot trust “From” field in an email. It can be spoof, and it can be anything. You can send an email to anyone, claiming you’re from Maybank Security Team . There is a mechanism to solve this issue, such as Sender Policy Framework (SPF), where it will verify whether the IP of the email sender is a valid email server to send email for the particular domain it claims to be, but it is not implemented widely yet.

The URL. The right bank will not ask you to fill in any username or password from the link they provided. If you happen to receive any email from your bank, just type bank URL in a new tab/window. Dont follow the link provided.

Anyhow, you have to be able to distinguish a valid URL, and phishing URL. In this case, I’m showing an example of Maybank. The valid URL for Maybank online banking is http://www.maybank2u.com.my. Some phishers will create the phishing site at different URL, and twisted to make you believe it is the valid Maybank URL.

For example
1. http://11.11.11.11/www.maybank2u.com.my
2. http://maybnk2u.com/my/
3. http://maybnk2u.com.my/
4. http://www.maybank2u.com.my.mydomain.com/

All of above are invalid Maybank domain. The most important part in a URL were as bolded in the list above. We will go through the link above.

1. The URL is pointing to a server, with ip address 11.11.11.11 (just illustration). The content is hosted at server with IP 11.11.11.11.
2. The host is actually maybnk2u.com. The phisher is trying to cheat you, by using a domain name that is similar to the valid domain. /my/ in this case is just a content folder on the server.
3. The domain name is almost similar like no 2, but the whole domain is maybnk2u.com.my. All .my domain name were handled by Domain Registry. You should report as soon as you see any phishing site using .my domains to DomainRegistry.
4. You can see www.maybank2u.com.my as part of the domain, but the main domain is at mydomain.com. The owner of mydomain.com created a subdomain, and sub-sub domains for mydomains.com. So, www.maybank2u.com.my is subdomain of mydomain.com. The owner of mydomains.com is the phisher.

Rule of thumb

1. Check for host name : from http:// until next /.
2. In the hostname, check for domain name. Usually last 2 or 3 octet of hostname. such as domainname.com or domainname.com.my.
3. If the domain is other than maybank2u.com.my, the URL is a phishing site.

What should I do with phishing site?
There are few databases of phishing website, that were shared to popular browsers to alert users of known phishing site. If you found a phishing URL, most probably a red alert output will appear to warn you. But, if the phishing site is still new, the alert won’t show up. You should contribute to the database as well, to make sure other users wont be cheated.

1. Using firefox : Click help –> Report web forgery
2. Go to phishtank.com, and submit the URL. Phishtank is one of the largest database of phishing sites.

What contribute to increase cases of phishing?

1. Insecure server – Most phishers were riding on a compromise machine to host the phishing site. It will look like the compromised server is launching the phishing site, and keep them behind the scene. Besides, the compromised server sometime being used to send phishing email to massive email list, and most probably your email will be in it. Thanks to email harvester. There is a mail sending script that will facilitate the process.
2. Compromised email account – You ever encountered your friend sending you a suspicious link? Most probably his/her account was compromised, and being used to send phishing URL or anything to you and his/her other friends in contact list. And most cases, it happen on yahoo email. Not sure why, maybe there’s alot of yahoo’s phishing victim. If it comes from yahoo email, you can check which IP the sender send the email from, leading to which country.
3. Open relay mail server – Email server with mail relay enable will allow anyone to use that mail server to send email. There also some software to facilitate the process of connecting, and sending email using the mail server. You can check if your server have open mail relay enabled. Just google “check open mail relay“.

I hope to see everyone is safe online, while IT helps our life. Banking, social network, communication, we really depends on internet to do those things. So, it takes everyone’s responsibility to take online security and privacy seriously.

Hope this post will help some people in understanding one of the massive online threat, phishing.

For our setup, we are utilizing cacti, a web-based host monitoring tool, that can monitor hosts through snmp. Its a php tool, and customizable. Its powerful enough to give you what you want, just the matter of configuration. The first thing, you have to make sure every host you want to monitor is snmp enabled.

syslocation YOUR_LOCATION
syscontact YOUR_EMAIL
sysname SYSNAME


You can verify that your snmpd daemon is responding to snmp request using snmpwalk. For snmp version 1, you can use,
snmpwalk -v 1 -c YOUR_COMMUNITY_STRING 127.0.0.1
For snmp version 2,
snmpwalk -v 2c -c YOUR_COMMUNITY_STRING 127.0.0.1

This configuration is for the end host you want to monitor. In Cacti, you will need to add the community string, and the IP of the host you want to monitor. Then, cacti will start polling information from these hosts through SNMP with the credential given.

For me, I would just want to use google mail, as inside google apps package. Google mail really a good thing we have in the internet world nowadays, as the email interface, emailing experience is different, and really useful. Just a few cons like no folder management. But you can still use labelling to categorize your email.

There are 2 ways you can use google mail on your own domain. Either registering for google apps at http://www.google.com/a/ or using your current gmail email account.

Using google apps.

Go to http://www.google.com/a/, and register for google apps account with your domain name. With google apps, you can have google docs, google chat, google site, calendar and a few more. But this example, google site will be ignored, as I’m using my current hosting account for site, I’m just using Google Mail in my google apps.

After the registration process, you will have to verify domain ownership. You can choose either 1 of 2 method, either configuring your MX record, your html verification. I think HTML verification will be easier, as you can simply create the file, with specific filename and content provided by Google, on your hosting account, and Google with check the file later.

After your google apps have been created, you need to modify your DNS record of your domain, specifically your MX record to tell where emails of your domain to be sent to. Please check it here, http://www.google.com/support/a/bin/answer.py?hl=en&answer=33352. You can just refer below, the list of MX record to be changed.

MX Server address Priority
ASPMX.L.GOOGLE.COM. 10
ALT1.ASPMX.L.GOOGLE.COM. 20
ALT2.ASPMX.L.GOOGLE.COM. 20
ASPMX2.GOOGLEMAIL.COM. 30
ASPMX3.GOOGLEMAIL.COM. 30
ASPMX4.GOOGLEMAIL.COM. 30
ASPMX5.GOOGLEMAIL.COM. 30


Google also suggest you to add this additional SPF (Sender Policy Framework) in your DNS. This is additional record to tell which server is supposed to send email at this domain name. As we are using google apps for our email service, we should tell google server is the only server which suppose to send email @ourdomain.com.

"v=spf1 include:aspmx.googlemail.com ~all"
* note the ~all, not -all.

Once finished, you can wait for the DNS record to propogate, and usable. You can check your MX record changes through DNSStuff.com, from here, http://www.google.com/support/a/bin/answer.py?answer=116393

You can manage your account using your admin account, and login to your inbox through http://www.google.com/a/yourdomain.com. This is how control panel looks like.

Start creating email account for your domain users!!

Using your existing gmail account

This options is only for a specific email account of a domain. For example, you have a email account from your organization, and you dont like the web-based email client. You can use your gmail account to check all your emails to yourname@yourorganization.com in your current Gmail account.

Basically, you will forward all your email that were for yourname@yourorganization.com to YourGmailAccount@gmail.com. How to do it, it depend on your current email service. You might be able to change in your own web-based email access, or you might need to ask your domain administrator to do it for you. If you manage your domain yourself, please refer to your hosting control panel on how to accomplish this.

In your gmail account, you can go to Setting -> Accounts and click Add another email address. Enter yourname@yourorganization.com and Google will send a confirmation code to yourname@yourorganization.com. You might just need to check your Gmail account inbox, if you have done the email forwarding part. After you have confirmed the code, you can see yourname@yourorganization in your list of accounts, inside your Gmail account.

You may want to put your mail in mannerly order, by creating a email filters. Click Setting -> Filters, and Create new filter. You can create filter for all email sent to yourname@yourorganization.com, label it as MyOrganization, or skip inbox. You can just click the link to your label, and you will just reading your emails yourname@yourorganization.com.

This tips is available in Hacking Gmail by Ben Hammersley. This is a great book if you really rely on Gmail for your daily email. I really think Gmail is the best email service at this time.

I just found a new Photoshop tutorial, Its a simple tutorial, to create a Web 2.0 button for your website. It will look like glossy crystal look, some kinda elegant. The article is available here.

The tutorial is simple, showing a few suggestion on blending options that needed to give the glossy look. You will find it very easy Eventhough I’m not really into graphic and multimedia stuff. Huhuhu..

http://www.xtutorial.info/2007/11/19/13/

This is really a companion for web developers, a website that could test your design compatibility for different browser, just from this single website. This will be a time-saver tricks to check your work, and make sure everything will displayed smoothly on your viewers screen.

You can test your design for different browser. For Linux browser, test it on Epiphany, Firefox, Galeon, Iceweasel, Konqueror and Opera. For Windows, you can test it for Microsoft Internet Explorer, Firefox, Opera and Safari. BrowserShot can also check for Max OS browser, Firefox and Safari.

With a few click, you can know how ready your design to be delivered

Once in a while, you might caught at a computer, updating your blog maybe, and you need to edit your pictures. Some would suggest a portable image editor in your pendrive. Another alternative would be online/web-based image editor.

One that you could try is rsizr. It will immediately prompt you to open a image file to edit. You can easily resize and crop any image file you uploaded. Rsizr use a special technique to keep the quality of the image edited. You may experience image quality loss, blurred text after resize, but not with rsizr. I have tried rsizr with 800 x 600 image, it resizes the image from 191kb to 121kb. After editing, the image can be save directly to your computer, or to your ImageShack account.

Another one that you could try is flauntr. Flauntr have a lot of feature for image editing. Just enough to make you comfortable without Adobe Photoshop. You can change hue/saturation, brightness, resize, crop, and you can also applying effects to your image, for example blur, greyscale or sepia. Give it a try

Rsizr – http://rsizr.com/
Flauntr – http://www.flauntr.com/

Just found this useful tool, once installed, it will create a new drive named “GMail Drive”. You can store your files in the drive, that actually store it in your gmail account space.

Gmail Drive will actually send an email to yourself, with the files added to Gmail Drive to yourself. Gmail Drive will login to your gmail account, and perform search function to sort the files viewed in the drive. You may want to make a filter, for emails with prefix “GMAILFS” to moved to your archived mail folder.

Bare in mind, Gmail Drive will break if Google changes its new system. The developer might provides and update with new system. So, dont panic if the tool breaks, and don’t highly depends on the drive.

GmailFS – http://www.viksoe.dk/code/gmail.htm

I found an article telling how to do this. I moved my pictures, to a temporary folder, in case I misresize it

mogrify -resize 800 *.JPG

The command will resize all file with extension JPG in that particular folder to 800px width and keep the image aspect ratio. You can also change it or put it with exclamation mark, to resize it to that particular size.

mogrify -resize 320×240! *.JPG

mogrify is tool comes with ImageMagic. Install ImageMagic, and you’re ready to go.

In the project information, there are description on how it works, and they also provides ruby script to generate signatures, search for binaries from the signatures and also to download them, basically just wget it.

The installation I did on Fedora works just smooth, installed ruby 1.8.6, ruby-google and also soap4r. ruby-google connects to Google API using SOAP, therefore I have to install Soap4r first, then ruby-google.

This is a sample of 1 virus found, Message.pif (Worm.Bagle.N-1)
this is the clamscan result:

Message.pif: Worm.Bagle.N-1 FOUND

———– SCAN SUMMARY ———–
Known viruses: 152764
Engine version: 0.91.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Time: 2.592 sec (0 m 2 s)

This is the sample usage of the ruby scripts:

$ ./mwsig.rb Message.pif
4053c6c2:00010000:0000e5b0:00005000
$ ./mwsearch.rb 4053c6c2:00010000:0000e5b0:00005000
1 http://archives.neohapsis.com/archives/fulldisclosure/2004-04/att-0795/Message.pif
# ./mwdownload.rb bin to_download
–09:17:57– http://archives.neohapsis.com/archives/fulldisclosure/2004-04/att-0795/Message.pif
=> `bin/0.bin’
Resolving archives.neohapsis.com… 72.32.12.210
Connecting to archives.neohapsis.com|72.32.12.210|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 21,871 (21K) [text/plain]

100%[=================================================================================================================>] 21,871 21.57K/s

09:17:59 (21.55 KB/s) – `bin/0.bin’ saved [21871/21871]

This is the sample search in google.com. It have 4 main information to search for:
1: Virus/malware name
2: Time & date stamp
3: Size of Image
4: Entry Point
5: Size of code

All of these information are basically the last 4 segment in the signatures, created by mwsig.rb

I just need a good workspace, and conky have add up some spice to it. Conky, a lightweight system monitor. It will display system monitor on your desktop. You can customize it, what you want to see most. Most sample configuration I found have what I need. I dont have much time to go into customizing my own config file, just copied from others.

I’m using this config file, .conkyrc. I grab it from cstamper blog. You can see there’s more .conkyrc config file sample from conky official website. Its a good start for your own custom configuration script.

Run conky, and it will load conky with configuration file at $HOME/.conkyrc