Moved again!

•December 1, 2008 • Leave a Comment

Yeah, had enuff of lah.cc, so I’ve moved to WordPress.com =)

GMail Video Chat

•November 14, 2008 • Leave a Comment

GMail has added video chat to its browser-based email and chat! Amazing!

Using Vidyo technology, the GMail plugin enables inline video chat straight from the GMail interface from the browser!

Surprisingly Google has a non-browser app called GoogleTalk, but strangely this app doesn’t seem to follow the same feature set or roadmap that GMail has. For example, from the browser-based GTalk, you can conference-chat (chat with more than 1 person in a session) from the browser with your GMail contacts. But in GoogleTalk, you can only chat with 1 person. Similarly, GoogleTalk does have voice chat but obviously no video chat, while the GMail interface has now added video chat.

Are they separate teams? Google is really pushing the boundaries of thin clients, soon everything can be done from a browser alone, even play games. iD software is doing Quake that runs 100% from the browser. Asus has Express-Gate. Now GMail gives video chat from the browser. The days of Windows OS might soon be over.

BTW has anyone checked out the new Google Maps street level feature?

To syndicate or not to syndicate

•October 24, 2008 • Leave a Comment

Sigh… after moving from Blogspot to Lah.cc, I realised one thing. Being on Blogspot does have its advantages and the #1 is that your blog is syndicated into Google. So ppl can google u up. But now on lah.cc, all my recent articles cannot be googled! The world cannot see my posts!

So how now? Go back to Blogspot? I tried feeding my new site to Google using the site: tag, but I dunno if I have to repeatedly spam that or even do site: everytime I post a new one?! site: by itself works but the found articles don’t see to join the Google cloud. Sianz.

I’m gonna give it a few more months. If being on lah.cc doesn’t give me any new advantage, then it’s bye bye lah.cc, hello again blogspot!

Shoutout to amin of HitB, thanks for the offer! But me giving tuition now and HitB’s on a weekday so can’t go =(

GovWare 2008

•October 9, 2008 • 1 Comment

LOL I managed to attend this year’s GovWare 2008 at Suntec! My uncle (who works in SingTel) told me about it this year and told me to just come, no problem. We went together since I break now and he gave me a few of his namecard for me to use juz in case (heng ah!). I registered using his name den throw in his namecard into the big bowl. Got free bag =) But the freebies inside the show even more nice! Seems they dun really care who sign up as long as got namecard to show. Anyway my uncle’s pass say “delegate” but mine is “visitor”, guess he pre-register so different, but no onsite database to register and check. Good for me lor.

I attended a few talks but mostly quite boring la, seems like sales than technical. I only attend 1 day nia the other two days no chance to go since not free. I saw and tried the Hack-In-The-Box booth competition! HAHAHA always wanted to go HITB but never had the chance now it is here for me to try. They got this web challenge and is basically browser-based “hacking” la… I got past the 4 level challenge so they told me drop namecard (again!) and stand chance to win free trip to M’sia for the real HITB end Oct. LOL if heng heng dio my uncle got free trip.

My fav freebie is the Splunk teeshirt so nice! I got the “Be An IT Superhero, go home early” shirt hahah so funny. Got a few more like “Can Can Cannot also can lah” ROFL! Also got free USB hub, pen, notepad and travel plug but that one I gave to my uncle since he travel more than me and he said he didn’t feel like filling up the form so I fill up for him using his namecard =)

Also saw one break code to get PSP, but look more like conjob since must luckydraw namecard and is a trial and error attempt on a dial lock like those for safe. Splunk oso giving free iPhone wor but is only for thursday so no chance for me. But I think should also be lucky draw namecard.

The technology seems interesting, but to me is nowhere near what is available on the net and discussion forums. Their stuff more enterprise level stuff like data protection, IDS, biometrics, backup, etc. OK I guess that’s why is called GovernmentWare.

Female hacker group

•September 18, 2008 • Leave a Comment

http://www.thedarkvisitor.com/2008/05/chinese-female-hacker-group/

LOL? Look at the first pic. Seriously I very sure I saw that pic b4 floating around the XMM circuits! REALLY! Anyway lah, whether real or not, China “Security Team” is real. There are a number of “Security Teams” set up in China, and the members are real hardcore hackers developing zero-day attacks.Two groups I know of, ph4nt0m Security Team and Angel Security Team. I used to read pST often but after awhile stopped reading due to skool. -_-

But their topics are really hardcore and I remember some of the top-class proz there, like noop, superhei and eggdrop. AST is an affiliate of pST. U can google them should be able to find their sites. This female group sounds more like confusion tactics to cover the real superweapons of Chinese Security Teams like as above AST/pST. Cuz if they are really good, why advertise in the first place? Because some fella used an XMM pic ripped from some XMM site?? Dun think so ba. XMM spend more time camwhoring and stuff than to sit infront of PC hacking and cracking…

BTW for those who suagu, XMM = Xiao Mei Mei.

Gh0st RAT

•September 16, 2008 • Leave a Comment

Someone released the Gh0st RAT version 3.6 source code for download: http://www.opensc.ws/c-c/3462-gh0st-trojan-3-6-source-code.htmlYou need the 2003 SDK and it must be compiled in VC+ 6.0.Learning new techniques so this source code from a legendary group will be very valuable! But nowadays a client-server model like this is abit outdated, cuz harder to run server module, need stable connection means need to hijack server or PC to run the exe. If run from home PC is asking for trouble! 

Google Chrome! I’ve tried it!

•September 4, 2008 • Leave a Comment

Have you tried it? It’s the new browser from Google! So I tried it, you download a small downloader app and proceed to download the full Chrome. Installation is really fast and you can import your bookmarks from Firefox.

Verdict? It’s really faster than Firefox in rendering the website! Supposedly it has its own JVM built in, so that means now devs have to worry about MS JVM, Sun JVM and Google JVM LOL!

Interesting observations about Chrome: it spawns child processes for each tab you open. In other words you’ll see many chrome.exe processes in your task manager. It seems to have a parent process and a controller process in addition to +1 process for +1 tab, so 2 tabs = 4 processes. The parent and controller processes start out at 10MB and 5MB memory footprint at the start and grow as you have more tabs. Each tab is 5MB. Not bad for memory footprint, compare to Firefox 3.0 which is about 80MB for 3 tabs right now, my total for 3 tabs for Chrome is about 45MB.

It also has the Opera start page with the thumbnails on the start page but is a history of past sites and its menu is like IE7′s, small icons on the right for dropdown menu.

Another special feature is the Incognito tab, which is a tab you fire up that won’t leave behind history or save cookies.

So far very nice browser. Hope to see more from it. There’s talk of a Chrome API for extensions but no news yet. Android?

Google ChromeGoogle Chrome Incognito Tab

What I did…

•August 27, 2008 • Leave a Comment

So… National Day Attack… guess what I did… trojan? Nope. Web exploit? Nope.

I wrote an iPhone app. Yes, iPhone app, submitted it to a mobile apps site. Hoping to catch people accessing their web email account info when they use the iPhone virtual keyboard.

No hits. =(

I tested it on my friend’s 2.5G iPhone, it worked leh. Hmmm I uploaded it to a UK site, wonder if that made a difference. So far the feedback/comment page no negative comments but about 400 downloads? Maybe the firmware makes a big difference. =(

So 3 weeks later update. Cuz waiting for results. If got results earlier longer ago update liao. Too bad cut off 3 weeks up. Give up, move on.

Maybe next one I’ll do a Facebook app/game heh.

Just so u noe, apps done for iPhone are in Apple Objective-C (mostly C). Google it. And not all iPhone apps need to go to the Apple App Store.

CLI WordPress theme

•August 5, 2008 • Leave a Comment

There’s this new wordpress theme called CLI, which basically converts your WordPress blog into a green-monochrome command-line interface ala Unix! Well here at lah.cc there’s a CLI theme too but it doesn’t seem to work. There’s a working demo of CLI2 here tho.

CLI2 uses heavy javascript to convert blog content into the CLI theme. Unfortunately, it behaves much like a CLI interface, so pulling out articles is not for the faint of heart for example pulling out articles requires “ls”, and everything is in green, even images. Also, some posts will refuse to display due to the limitations of the CLI javascript package.

Fun lah, but ultimately useless.

Few days ago I discovered an zero-day trojan lurking around the net, it was able to evade 4 popular free AV software that I tried it on, NOD32, Kaspersky, Symantec (ok not free, but on my laptop free) and AVG8. When the exe executed it dropped 2 new exe into special folders most people don’t have by default. It will also refuse to close or be deleted as the two exe will work in tandem to protect each other. Quite cool actually. I am not releasing details since I wan to use it myself LOL… not ON myself tho =)

Good news, I’ve already released my NDP’08 virus into the wild. Let’s see what happens in the next few days. Think should have a few good hits to report kekeke

Can you figure this out?

•August 4, 2008 • Leave a Comment

<Left><Left><Left><Left><Left><Left><Left><Left><Left><Left>- [shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift] [shift][shift][shift][shift][shift];[<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-] [shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift] ;-[C][C]b14b44b82bnbb0vxzkgjb14b420.,,.,.,.,.,.,,..,.,. awwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwa[ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl] [ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl] [ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl] awwwwrwb44.,,.,.,.,.,.,.,.,.,61000dot[tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab]b14,.,,.,.,.,.,..,,.,..,,. wwwwwwwwwwwwwwwwa[tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab]ddddddddddddddddddddddddddddddddddddddddd wddddddddddddwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwb42 ,..,,.,.,.,.,..,.wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadw dwwwawdddddddddddddddddddddddddwwwwwwwwwwwwwwwwwwaaaaaawwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwdddwwwwwwwwwwwawaaaaaaaaaawwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwww[tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab]b44,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,..,.,wwwwwwwwwqqwwwwwwwwwwwwwwwwwwwwadwdw wwddddddddddddddddddddddddd

Can you decipher the above? Heheh… it’s someone playing a game that uses WASD keys to move, and the number keys for weapons… Actually it’s Counter-Strike!! TAB for score, shift to run? I think ctrl is duck LOL…. captured this from one of my victims infected with my keylogger.

Still got ppl playing CS? Mmm maybe CS:Source.

National Day fast approaching. Since I did the National Day (Beng)Hack(s) Run last year, this year I’ll do it again. 43rd birthday Singapore! NDP’08 should be a special one, with 8.8.8 being a big deal for China and the Olympics. But what? Oh btw I found that I wasn’t the only one (ok lah, I’m not that a big deal that everything I do is original!!!) doing National Day attacks heheh. Very common to use holidays to get ppl to read spam and get themselves infected with trojans. There was a cool attack during the USA 4th July Independence Day this year, using fireworks as a cover. You can read about it here.

Anyway back to topic. Haven’t decided what to do yet but Trinity suggested something to do with NDP’08, like Marina Bay or the heart-shaped fighter jet stunt (which BTW I can see from my place every NDP preview session!). Maybe that ba.

My lecturer suggested I check out the JobCentre fair at Suntec this month, to see if there’s available jobs in the market for people of my interests, ie hacking code, writing virus, etc… yes I’m going down, see see look look. I was thinking at the same time, if ppl give out free thumbdrives during the session, how many of them will have autorun trojans?