Tuesday, September 29, 2009

Working With Sanbox

Yesterday I was trying some modified virus versions on my MAC while I discovered that I was loosing the virus control. It was like Panic ! Fortunately I recovered my system but how to follow my tests ? Installing a new OS X system on a virtual machine seems to o much time consuming, moreover I don't have any OS X iso around my office. So I decided to use Sandboxes ! I looked around for a while before figure out that on every OS X (>10.5) there is an already installed sandbox: :"SandBox-exec".

From wikpedia for people not familiar with sandbox:

Sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.
The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

How does it work ?
Well it's pretty easy. First of all take a look into /usr/share/snadbox/ for a complete list of configuration commands. After that try to build your own configuration file, here a very simple "Deny All network Connections"

(version 1)
(allow default)
(deny network*)

Here the screenshot of a ping used without sandbox-exec and within sandbox-exec (click on the picture to enlarge) :

I totally suggest this approach to test unknown files or suspected files, even if made from your hand.

Monday, September 21, 2009

Just kidding

I know, this post is quite out of topic, but yesterday I saw a funny police man over an hold and slow Harley, and immediately comes in my mind Italian's police, the fastest police in the world (fastest in terms of cars and motors). I cannot stop me to show this picture :D

I'm just kidding, I know that US' police is very different !

Tuesday, September 15, 2009

Yes, I've done.

This pictures from my desktop should be auto-explicative to everybody who knows Virus Infections.

I know, probably this post may seem encrypted, sorry for all the people not familiar with that

Monday, September 14, 2009

Grabbing Movies from Hulu

Hey folks, as you probably know hulu works great in US especially if you don't have a digital TV. Some time happens that your wireless internet connection is weak, mainly if you are living in a flat and surfing through your neighbor access point, and you get difficult to watch your favorite movie. In this scenario what you need is to download hulu stream video during afternoon and watch it offline in your favorite night.

I've tried a lot of softwares around internet but none is great as "Hulu Video Downloader" is:

You can download Hulu Video Downloader 3.23 for free here. To have the full functionality access you should pay a fair fee, but if you just want to download streams from websites without any additional conversions "Hulu Video Downloader"is what you're looking for . Extremely easy and extraordinary intuitive, allows you to download one stream per time. Unfortunately exist only for Windows, so if you're a MAC user, like me, you need a virtual windows machine equipped to download and to convert web streams.

Monday, September 7, 2009

YouTube Visit Increaser

Hello folks,
today I wanna show a really nice "underground" software: TubeIncreaser.
Thanks to 'increaser', it' s so easy increasing your youtube channel or your youtube video views. Let's try to increase the following video: http://www.youtube.com/watch?v=f1OuzN9XB9o, it's just a few viewed video.
1) Open Tube Increaser, you should see something like that

2) Download a often updated ProxyList from here, refill the fields as you like, and open the downloaded proxy file into Tube Increaser. You should have something like that:

3) Now, simply press on START

The process keeps long time (hours) especially if the proxy you are using is pretty slow. So be patient, let TubeIncreaser working in totally quite during your sleeping hours.

Saturday, September 5, 2009

Seth Explains Why AT&T Does Not Work Properly

Even in DC, AT&T doesn't work properly: few bars and low quality; when it takes the voice is going slower and faster randomly, "Seth the Blogger guy" is really Seth Bloom, a Senior Vice President at AT&T's outsourced public relations group. His title is as genuine as his message.

Friday, September 4, 2009

What's happening to Apple ?

Yet another security lags in Apple Java patches.

Comment Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago.

The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which Java creator Sun Microsystems released on August 5. No doubt, the four-week turn-around time is better than an update from June, when Apple trailed Sun by six months, but it's still problematic.

Read more

Thursday, September 3, 2009

a Nice reading for your week-end

Hi folks,
this morning I had this reading on iPhone passcode bugs. Written on 09/02/2009 it's an interesting exeriment on iPhone security.

As an IT security professional, I was tasked with evaluating the iPhone’s security features for the enterprise (more iPhone management tests here). Over the past few weeks, I have been testing different aspects of the new iPhone 3GS, particularly the interaction with Exchange ActiveSync (EAS) and device password policies. During my testing, I discovered some strange behaviors with how the iPhone handles device password policies, as well as passwords altogether.

Have a nice reading.