Month: May 2009

Hacked by Bader2010

I was away from home for a week and returned yesterday evening. As I had a week's emails pending, the first thing I did after reaching home was to access Gmail. To my horror, Google was telling me that I was providing a wrong password. Then I tried to log in to my blog. I found out that my blog had been defaced. I was getting the following screens. Some Arabic hymn was played in the background.

[Image: bad1]

[Image: bader2010]

This page will give you some more information on what a hacked page looks like. I contacted my web hosting provider and got the password for the site reset, and the site was back within my control.

However, my Gmail ID was my lifeline and I had to recover it at any cost. I tried to recover my password from the Gmail login page as below.

[Image: google1]

The next page had these options.

[Image: google2]

I selected "my account has been compromised", which gave me the following link.

[Image: google4]

The account recovery page is here. Have a look at it. Your success in retrieving the account lies in accurate answers on this page. I filled out the following sections.

[Image: google51]

[Image: google6]

Fortunately, I remembered who invited me to Gmail. (I had a Gmail account at a time when Gmail invites were sold on eBay.) Also, I use filters and labels heavily for handling mail. There was some fuzziness with dates; still, I could approximate them. I have a couple of blogs linked to the account and an Orkut profile. I knew only the URL of my blog on Blogspot. I was very skeptical whether I would get it back. I submitted and waited for a response from Google. About an hour later I received the following mail from Google.

[Image: google7]

I reset the password and retrieved my account. The attacker had tried to capture some of my other online assets from the Gmail ID. Some of the automated responses had his IP address logged (or it might be a proxy). I traced the attacking IP to Saudi Arabia.

Why did I lose my account?

There may be several reasons. Here are some of my assumptions.

a) I had a weak password (6 letters, and that too based on a dictionary word).

b) I had enabled POP3 access for my Gmail account, even though I was not using it. There are plenty of scripts like this available on the Internet for brute-force attacks on Gmail accounts via POP3.

c) I had used my account from a friend's place last week on a Windows XP machine. Maybe that machine has a key logger installed and the attacker might have obtained the password via IRC from there. I checked my home machines for any possible rootkits, but I could not find any. My Windows machines do not have Internet access.

d) Someone might have stolen the password from one of the machines that I use at college. (As we are having vacation now, I can safely rule out this possibility.)

What information one must keep about Google accounts

1) If someone invited you to a Gmail account, keep the email. It can save you a lot of trouble. It will give you some idea about the date of creation of your account.

2) If you use labeling and filters, remember the labels. You can give easy-to-remember names and context-relevant labels to your mail.

3) Even if you are not blogging, create a blog on Blogspot. The URL of the blog can be an important piece of information.

4) Email addresses are not learned by heart the way phone numbers are. So export your Gmail contact list to a file and keep it. The account recovery page asks for up to five frequently contacted email IDs. (Click on Contacts on the left side of any Gmail page and select Export to save the contacts.)

5) Set up a secondary email ID and give it a different password. (You can use Settings->Accounts->google account settings-change security question for this.)

6) Set up a security question. It can save you a lot of trouble.

7) If you use Orkut, keep the URL of your Orkut profile.

You can obtain it from your Orkut home page as shown in the figure below.

[Image: orkut]

9) Disable POP3 and IMAP if you are not using them.

10) Use a strong password. This is the most important step. On the change password page, make sure that your password is strong, as shown in the picture below.

[Image: gmialpass]

Disabling the new notification system in Ubuntu 9.04

[Image: volume]

The notification system in the newly released Ubuntu 9.04 (Jaunty) uses the notify-osd framework. This system provides a standard way of doing passive pop-up notifications on the desktop. The notifications are semi-transparent click-through bubbles. These pop-ups disappear after a short period of time. Sometimes these bubbles can be irritating.

You can disable the notifications with the following command.

mv /usr/share/dbus-1/services/org.freedesktop.Notifications.service /usr/share/dbus-1/services/org.freedesktop.Notifications.service.disabled

(You have to restart X.)

You can switch back to the original GNOME-style notification system by installing the package named gnome-stracciatella-session. Also, have a look at this blog.

# apt-get install gnome-stracciatella-session

Installing LTSP on Ubuntu 9.04

Installing LTSP and enabling thin clients to boot from your Ubuntu 9.04 machine is very easy.

I did the following steps.

a) Install Ubuntu 9.04 (aka Jaunty) desktop with a static IP. (A static IP is needed as your Ubuntu box is going to act as a server. My IP is 192.168.0.1.) Set up Internet access on this machine. You need to download a lot of packages from the net to complete the installation.

b) Install the packages ltsp-server-standalone and openssh-server.

# apt-get install ltsp-server-standalone
# apt-get install openssh-server

c) Build the LTSP client environment.

# ltsp-build-client

This command will download all the necessary packages from the Internet and build your environment.

Have a look at /opt/ltsp/i386. This directory will now contain the chroot environment for the thin clients. If you want to tweak any settings, you can do it here.

d) Edit /etc/ltsp/dhcpd.conf to suit your network settings. This file will serve the IP range 192.168.0.20 192.168.0.250 by default. If your network uses this range, you can leave it as it is. (The default file worked for me as my server IP is 192.168.0.1.)

e) Run the following commands.

# ltsp-update-sshkeys

# ltsp-update-image

The first command above will export the ssh keys of the server to the LTSP client environment. The ltsp-update-image command will rebuild a squashfs image from the LTSP chroot environment and place it under the /opt/ltsp/images directory. This image will be exported to the thin client as the root file system by the NBD daemon on the server.

Your LTSP server is ready. Try booting from a client via PXE or Etherboot. You can also try to boot the thin client in qemulator. There is a sample script for this in /usr/share/doc/ltsp-server/examples/ named qemu-ltsp.

Note: If you change anything under /opt/ltsp/i386, you must rebuild the image for the change to be reflected on the client. Also, if you change the IP address of the server, you must do an ltsp-update-sshkeys followed by ltsp-update-image.
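The Note above can be checked before booting clients. The following is an added example, not part of the original post or of LTSP itself. It assumes that the chroot keeps the exported host keys in etc/ssh/ssh_known_hosts with the server IP in the comma-separated host field, and the image file name in the usage line is likewise an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# ltsp_image_status CHROOT IMAGE SERVER_IP prints one of:
#   missing-image  IMAGE does not exist yet (run ltsp-update-image)
#   stale-sshkeys  no known_hosts entry for SERVER_IP (run ltsp-update-sshkeys first)
#   stale-image    a file in CHROOT is newer than IMAGE (run ltsp-update-image)
#   ok             the image is at least as new as every file in the chroot
ltsp_image_status() {
    chroot_dir=$1
    image=$2
    server_ip=$3
    # Assumed location of the keys exported by ltsp-update-sshkeys.
    known_hosts=$chroot_dir/etc/ssh/ssh_known_hosts

    if [ ! -f "$image" ]; then
        echo missing-image
        return 0
    fi
    # The first field of a known_hosts line is a comma-separated host list.
    # Compare whole entries so 192.168.0.1 does not match 192.168.0.10.
    if ! awk -v ip="$server_ip" '
            { n = split($1, h, ","); for (i = 1; i <= n; i++) if (h[i] == ip) found = 1 }
            END { exit !found }' "$known_hosts" 2>/dev/null; then
        echo stale-sshkeys
        return 0
    fi
    # Regular files only, so edits and additions are caught; deletions are not.
    newer=$(find "$chroot_dir" -xdev -type f -newer "$image" -print 2>/dev/null | head -n 1)
    if [ -n "$newer" ]; then
        echo stale-image
        return 0
    fi
    echo ok
}

# Usage on the server described above (paths are assumptions):
#   ltsp_image_status /opt/ltsp/i386 /opt/ltsp/images/i386.img 192.168.0.1
```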

Brute force removal of a deb package in Ubuntu

Today I was playing with Ubuntu 9.04. I tried to install wwwoffle, the offline proxy server. At the end of installation it failed with a "Sub process /usr/bin/dpkg failed" message. There was something wrong. Fixing the system required removal of the package. I tried the following in succession, in vain.

# apt-get remove wwwoffle

# dpkg -P wwwoffle

# dpkg --force-all -r wwwoffle

I was stuck. I did a manual removal of the deb package like this.

a) List out all the files of the deb package.

# dpkg -L wwwoffle

b) Removed all the files from the above list by hand. If you are smart enough, you can write a script for that.

c) Remove the package using apt.

# apt-get remove wwwoffle
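Step b invites a script. The following is an added example, not part of the original post: it reads a saved dpkg -L listing, skips the directories that dpkg -L also prints (they are shared with other packages), and only reports what it would delete unless told to apply. The function name and the optional root prefix are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the original post).
# remove_listed_files LIST [ROOT] [apply]
#   LIST   file holding the output of `dpkg -L <package>`
#   ROOT   prefix put in front of every path (default: empty, the real /)
#   apply  the literal word "apply" deletes; anything else is a dry run
# Prints the number of files removed (or that would be removed).
remove_listed_files() {
    list=$1
    root=${2:-}
    mode=${3:-dry-run}
    count=0
    while IFS= read -r path; do
        # dpkg -L prints absolute paths; skip blank lines and notes
        # such as diversion messages.
        case $path in
            /*) ;;
            *) continue ;;
        esac
        # Refuse any path with a ".." component.
        case $path in
            */../*|*/..) continue ;;
        esac
        target=$root$path
        # Never touch real directories (/., /usr, /usr/bin, ...).
        if [ -d "$target" ] && [ ! -L "$target" ]; then
            continue
        fi
        # Files and symlinks (including dangling ones) that still exist.
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ "$mode" = apply ]; then
                rm -f -- "$target"
            fi
            count=$((count + 1))
        fi
    done < "$list"
    echo "$count"
}

# Usage, as root, for the package in this post:
#   dpkg -L wwwoffle > /tmp/wwwoffle.list
#   remove_listed_files /tmp/wwwoffle.list          # dry run, prints a count
#   remove_listed_files /tmp/wwwoffle.list "" apply
```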

Manhattan Style construction for Hobbyists

Most home brewers and electronics hobbyists see fabricating a PCB as a roadblock. I will describe an alternate approach to circuit construction where you need only bare copper clad sheet. This method is sometimes called the Manhattan method. (I don't know the reason.)

The basic ingredient you need for this type of construction is bare copper clad sheet. Either glass epoxy or paper phenolic boards can be used. As the first step, take a small piece of copper clad sheet and chip it into small pads. There is no minimum size or maximum size. Use a sharp tool like a chisel for cutting the board. Some sample pieces that I made are shown in the figure below. If you have access to a sheet metal cutting tool, it is very easy to make them. I keep a small box of such PCB chips.

[Image: 050720093144]

Collect all the components that you need for construction. Study the circuit you are planning to build and make a rough layout of component placement on paper. Pay special attention to the size and shape of the components you are planning to use. If possible, make the circuit layout section by section. This will make debugging easier. The circuit will be fabricated on a plain copper clad sheet. The copper clad sheet will be the ground of your circuit. Keep this in mind when you make the sketch. Here is the circuit and a rough sketch I made for constructing bitx20. (This is the RF preamplifier stage of bitx20.)

[Images: ckt, 050720093154]

Next, make a pad layout from the above layout.

[Images: 050720093155, 050720093145]

The size of the copper clad sheet needed can be roughly estimated if you have some idea about the components. Cut a sufficiently large piece of copper clad and then clean it properly. Affix the pads using super glue. Any other adhesive used in electronic repair can be used.

[Images: 050720093143, 050720093146]

Now start soldering. Make sure that the pads are clean. I use a sharp knife to clean the pads. Start with the resistors. Keep the leads small. Next, solder the capacitors, followed by other low-footprint components.

[Images: 050720093147, 050720093149]

Finally, fix the transistors. Your circuit is ready for testing.

[Image: 050720093152]

There are several advantages to this type of construction. The plain copper clad sheet will act as a ground plane and will improve the performance of RF circuits. Also, if you want to replace a faulty component, it is very easy.