The Hacker’s Blog

As we all know, Google has quickly become the king of search engines and is well on its way to full internet takeover. GMail, Google Calendar and Google Docs are just three of the many tools Google has provided for us to make our lives more simple and streamlined. I personally use all three and can vouch for both their simplicity of use and their multitude of features.

In this first part of the three (or more, if I feel up to it) part series is going to cover using Google Calendar. Its a wonderful tool that not only allows you to set up your own personal calendars, but allows you to use the calendars of others (such as holidays, lunar activity) and collaborate a calendar among several people.

Here’s a quick rundown of what I think makes Google Calendar the best calendar software out there.

1.) Multiple Calendars displayed as one

When using Google Calendars (or gCals for short), you’re given the opportunity to create multiple calendars. This allows you to keep some information private while still being able to share other information. All the calendars associated with your account are displayed, each with their events highlighted with a different color. My account has the following calendars: Holidays, Lunar activity, my exercise routine (that I share with a friend), a to-do list (useful for reports, homework, test dates) and a calendar just for my personal activities.

2.) Ability to share calendars with others

My exercise schedule (Gettin’ Prime primed) is shared with a friend of mine. He and I share this calendar so that we can work together even though we live quite some distance apart. Its gives you nearly the same effect as working with a gym partner, you see how much they have done and that makes you want to out-do them. While gCals are useful for this, shared calendars can be used for much more.

Pretend for a minute that you are part of a web design team and you need a site ready to go in one month’s time. You’re team consists of three members: one is the graphics designer, another the PHP coder and you, the third, gets to be the lucky s.o.b. who puts it all together. How are you all going to keep track of how the others are managing their parts? Well, all you’ll need to do is set up a shared calendar and allow the other two members to access it. You can set their deadlines for different parts, as well as have them keep you updated by posting comments on their events. This brings me to the next item in my list.

3.) Adding comments to events

All activities on a gCal are referred to as events. These events can be anything: your sweetie’s upcoming birthday, your uncle Joe’s funeral (he hasn’t kicked it yet, but you’re hoping for somewhere around May or June of next year) or even your oh-so-favorite prostate exam. (As a side note, none of my calendars keep these items for the following reasons: I’m a smart enough guy to realize I need to remember my sweetie’s birthday, I have no uncle Joe and my prostate is perfectly fine without a finger, or anything else for that matter, prodding it, thank you very much

Let’s say that you have an event to remind you of your sweetie’s uncle Joe’s birthday. Now let’s say that your sweetie told you (via IM, no one talks IRL anymore) what to get dear old Joe. If you’re the careful type (or smart even), you’ll open up your gCal and search for uncle Joe’s birthday, edit the event and add a comment containing a note to yourself: “Buy uncle Joe that new Girls Gone Wild DVD that he’s been asking for.” Et voila! No more sweating it out the day before Joe’s big party - you’ll know right where to look to figure out what it was you were supposed to get him - “Oh crap-crap-crap…What was it I was supposed to get him? *whips out iPhone* Oh, yeah, right! I stored it in my gCal! BAM!” See how easily a nasty situation was adverted?

4.) Alerts via SMS and e-mail

Google just loves SMS and for that, I just love Google. Using your cell phone to get today’s or tomorrow’s activities is as easy as texting ‘day’ or ‘nday’ to 48638. You can also use your cell to add events to your calendar and while I’ve never done that, I’m sure its a useful feature if you’re not around a computer.

While you can get all the information you need by using a cell phone, you can also use your email. By setting the option to get the list of the days events, you’ll have an email sitting in your inbox every morning at 5:00AM containing a list of what your loved one has set up for you to do today (because we all know, a good girlfriend or wife in today’s age never uses a honey-do list that sits on the ‘fridge - its all planed out weeks in advance using gCals! Ladies, remember this!)

5.) Checking your gCal from your mobile device

And last, and probably least for me, if you feel the need to check your gCals from your blackberry or PDA while driving down the highway with your kids in the back just a-hootin’ and a-hollerin’ and your wife in the passenger seat going on about how her uncle Joe ended up hooking up with the doc from his annual prostate exam, don’t worry - because you can! If you point your cell phone’s browser to http://www.google.com/calendar/m you’ll be able to view and use your calendar just as if you’re sitting home in your (quiet) study.

Google is, like, taking over the world, man. It is, really. As I wrap up this post, I just want to dedicate this post to dear old uncle Joe whose time has recently come. Though he may never have existed, he’ll always hold a special spot in my virtual heart. If any of you would like to make a donation to my sweetie’s (fictional) uncle Joe’s memorial service, please feel free to send some money to my Paypal: prime[at]thehackersblog.com. Or if you’d rather, just leave a nice comment, whether it be a loving comment in memory of Joe or a reason why you like, or hate,  Google and its calendar.

Here’s a list of random eBooks I’ve came across. I figured I could share them with all of you.

• Linux for Dummies, 7th edition
• Linux Socket Programming
• The C Programming Language
• Recursive Techniques in Programming
• Hardening Linux
• Linux Bible 2006
• Microsoft Windows 2008
• Introduction to Assembly Programming
• Linux Shell Scripting
• C++ in a Nutshell

Technorati : Downloads, eBooks
Del.icio.us : Downloads, eBooks

Ubuntu has quickly became one of my favorite Linux distros to use, however, its slowly falling behind to others such as Gentoo, Debian and Slackware. I still use it on my home file server, though. It seems to work really well for that.

The Problem

The big problem for me is keeping my server up to date. I always like to be running the most current version of all software available, even if it is on a server. I’ve upgraded to Hardy Heron and am looking forward to the release of Intrepid Ibex.

I run on a DSL connection so my bandwidth is pretty limited. I normally don’t like to have to put up with a slow connection because I’m downloading updates to my server. This leaves me with the option to download the updates at night while I’m asleep. However, its kind of hard to start a download at 3:00 A.M. while you’re asleep, isn’t it? No, not really. Here’s how.

The Solution

There are two things that every Ubuntu user should know about. The first is using apt to update your system and install software. The second is cron. Cron is a utility/daemon that is used to run specified scripts at a certain time.

The first step to setting up your computer to auto update itself is figuring out what command you need to update and upgrade while allowing everything to be installed. It looks something like the following:

apt-get -y update && apt-get -y –force-yes upgrade && apt-get -y –force-yes dist-upgrade

If you run that manually, it will fetch the information for all packages to be updated and then begin installing them.

The second and probably most complicated step is setting up cron. Start by creating a file called apt-get.cron. In this file you need to enter the time and command you want to run. Let’s say we want to update our computer every Monday at midnight. The first part of our file should look like this:

0 0 * * Mon

This tells cron to run on the 0th minute of the 0th hour of every Monday of every Month. The next step is to specify the user (which needs to be root for apt to work correctly). Adding in the user and command should leave you with something looking like:

0 0 * * Mon root apt-get -y update && apt-get -y –force-yes upgrade && apt-get -y –force-yes dist-upgrade

Next, add the cron file to cron by running (as root)

crontab apt-get.cron

Keep in mind, that running the previous command will remove all other cron jobs in your crontab.

The Glorious End

Now your computer should be all set up for auto updating. Give it a try. Sit in front of your computer and wait until your script runs. Then check the logs to make sure it ran. Or, if you want, just leave it be and check it some other time.

The modification of website URLs is a common method of unauthorized entrance into a website. URLs can be modified and manipulated to perform different tasks. URLs like this may be abnormally long or contain strange characters, maybe even another character set. These URLs would take advantage of a security hole allowing access into the website or server. (more…)

Snort is an Intrusion Detection System commonly used on Linux computers and servers. It contains a set of rules that it uses to verify all activity on the computer. I will be using Ubuntu for this installation. (more…)

For this paper, I will be using Ubuntu as the host operating system of both the client and server. LDAP (short for Lightweight Directory Access Protocol) is a protocol used on servers to allow for SSO (single sign on) for users. In other words, LDAP allows for users to access their files and account from any computer that has the LDAP server specified as the login server. LDAP is useful in many environments ranging from schools and homes to small and large businesses. (more…)

For this paper, I will be using Windows Server 2003 to install and configure Active Directory. Active Directory is a way to manage multiple users with a single server. These users, when using a client of the domain, log in to the Active Directory server for authentication. This server provides information on the users privileges, groups and file access rights. Active Directory is commonly used in business places, as well as schools as a means of managing their users, employees, or students. (more…)

Ever try to break into a house but you didn’t know what entrances were open for you? I know its happened to me before (long story - maybe some other time). Trying to break into a computer that you are unsure of which entrances are open can be just as frustrating. Just like breaking into a house, there are two ways we can approach this. The first is brute force which means we try each and every way. This can become very tiresome and time consuming (especially with those second and third story windows…). The second is just to give up and move onto an easier target where everything is laid out for us. But where is the fun in that? Eh?

Just as every house has doors and windows, every computer has ports. Unfortunately, they have a huge range of ports (tens of thousands). Now who wants to sit back and try to get into each and every one of those ports? Definitely not me.

Lucky for us there’s something that can help. Its called NMap and is used to scan a computer for open ports - hence the term ‘port scanner’. When we run NMap, it does its thing and then returns a list of ports and what is using on them. This gives us an idea of what is being ran on the computer and where we can get into it from.

The first step to using NMap (as it is with any software) is installing it. Most Linux distrobutions will have NMap in a repository, so if you’re using Linux, it won’t be that hard to install. However, if you are running Mac OS X, Windows or just feel like being hardcore and compiling from scratch, you can download NMap from its website.

After you get NMap installed (you did install it, right?) let’s try it out by checking out what is running on your current computer. As we all know, we can reference the computer we are using in three different ways. Can anyone name them? I can!

1. 127.0.0.1
2. localhost or another network name for your computer
3. Your network IP

For the sake of ease, I’m going to be calling my computer localhost. Run NMap on yourself using:

nmap localhost

This will return all open ports on your computer and what services are running one each port. For example, mine returns:

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql

Those are all the ports and services that I have running on my Gentoo server at home. Don’t think you’re going to break into it - none of the ports are accessible from the outside.

You can extend the results returned by adding extra arguments to your NMap command. Normally, to get good results, I run:

nmap -A -T4 localhost

-A means to enable OS (Operating System) and version detection. -T4 is used for faster execution.

When I run NMap -A -T4 it returns the versions of the software I have running and it also makes an educated guess at what OS is running. For example, it tells me that the http server is Apache httpd and that I’m running OpenSSH 4.7 (protocol 2.0). All of this is useful information, especially if you’re trying to find a software exploit for a system.

If NMap has caught your eye and you’d like to work more with it, let me know. I plan on going a bit further into the use of NMap in another article soon. Have fun and remember - if the doors are locked, its probably for a reason.

Have you ever had a large file(or files) that you need to share with people? Or maybe you need to download a large file but can’t find a reliable download? For all of you in that position, I introduce to you the wonderful world of torrents! (more…)

This paper will cover the basics of securing PHP. It will first explain how you can use the php.ini file to set secure defaults for PHP. A brief description of how to prevent SQL injections follows. The paper is wrapped up with a description of Suhosin, a secure or hardened patch for PHP. (more…)