Teratak Buluh

Dapatkan DUIT dari Ziddu

2012-01-01T00:00:00.000+08:00

Ziddu adalah Free Unlimited File Hosting. Anda dapat menyimpan file anda di Ziddu secara GRATIS dan kemudian menyebarkannya di internet. Kita bisa upload file kita yang akan di share (di bagi) dengan orang lain. Dimana orang lain tersebut nantinya bisa men-download file yang kita upload tadi.
Bagi Anda yang ingin mengupload file-file seperti file dokumen, file word, e-book, mp3, pdf, gambar atau file apapun ke internet saya merekomendasikan Anda menggunakan fasilitas dari Ziddu.
Anda bebas menyimpan file-file yang ingin Anda sebarkan di internet tanpa dibatasi kuota. Setelah Anda meng upload file di Ziddu akan diberikan link download dimana Anda dapat menyebarkan link download file Anda tersebut. Anda dapat meng-copy link download tersebut yang kemudian dapat anda paste di blog anda, di Friendster atau Facebook anda.

Paijo sedang sibuk : “Kenapa harus Ziddu ?, bukannya ada banyak file hosting yang lebih baik di internet sana ?.”
Topan : “Selain 100 % gratis, dan Unlimited disk space (bisa upload file sebanyak mungkin), Kelebihan dari Ziddu adalah kamu akan DIBAYAR ketika file yang kamu simpan di Ziddu ada yang mendowloadnya. Begitu Jo !!.
Paijo sedang sibuk : “Jangan sok tahu lo kamu pan !.”
Topan : “Biarin daripada kamu sok sibuk.”

Berikut perinciannya:
Anda akan DIBAYAR $0.001 jika ada yang 1 kali men downloadnya. Jika di akumulasikan akan seperti ini..

10000 Unique Downloads: $10 USD
50000 Unique Downloads: $50 USD
100000 Unique Downloads: $100 USD
500000 Unique Downloads: $500 USD
1000000 Unique Downloads: $1000 USD

Bonus juga akan diberikan jika Anda merekomendasikan orang lain untuk menggunakan Ziddu sebesar $0.10 Dolar. Nantinya Anda akan diberikan link refferal oleh Ziddu. Nanti akan saya beritahu caranya.

Ziddu akan mengirimkan pendapatan Anda setelah mencapai 10 dolar. Awal bulan April 2009 yang lalu saya menerima pembayaran pertama saya dari Ziddu. Begitu senangnya perasaan saya pada waktu itu.

Anda berminat?
Silakan daftar gratis Ziddu disini. (REF)

1. Setelah masuk, Isikan nama, email, password serta verifikasi kode kemudian klik “submit”.

2. Kemudian anda akan di giring ke halaman baru, di sana anda di minta untuk upload file pertama anda. pilihlah file yang anda pilih kemudian upload.

3. Jika anda tidak langsung masuk ke halaman upload, maka anda bisa mencoba untuk login dengan email dan password yang telah anda buat tadi. kemudian setelah login cobalah untuk upload file pertama anda.

4. Setelah selesai upload maka akan ada link file yang tadi anda upload, nah di sana ada URL yang bisa anda sebarkan di blog, forum, friendster maupun facebook agar orang lain download file tersebut. Oleh karena itu upload saja hal-hal yang bagus dan berguna seperti software, gambar e-book atau MP3. (Mungkin MP3 akan banyak yang akan men-download.)

Setelah itu ada banyak menu yang bisa anda lihat di sana seperti penghasilan anda, file anda, semuanya ada di pilihan toolbar.

Cara mendapatkan link refferal :
Setelah anda login, cobalah untuk melihat di bawah dan klik pada tulisan “refferal banner”, kemudian di sana anda akan mendapatkan link refferal Anda. Sebarkan saja link tersebut di forum, blog, friendster maupun facebook selain itu anda juga bisa mendapatkan kode banner yang bisa anda pasang di mana saja.

Pembayaran Anda akan di transfer melalaui Paypal.
Jika anda belum mempunyai account Paypal dan ingin mengetahui bagaimana cara membuat account Paypal klik Apa itu Paypal dan cara membuat Paypal.

OK.
Semoga bermanfaat.

Dapat Duit Dengan Freakshare

2011-12-10T20:28:00.001+08:00

Melihat perkembangan bisnis online di internet semakin lama semakin pesat.pertanda bahwa bisnis online mempunyai prospek baik kedepannya.malam ini saya mencoba sharing mengenai bisnis online di file hosting.dalam hal ini saya membahas file hosting di freakshare.net.sudah pada tahu kan tentang freakshare.net?.memang di internet banyak sekali situs penyedia file hosting seperti halnya ziddu,mediafire,megaupload,2shared,4shared,dll.namun untuk mendapatkan penghasilan di file hosting,saya rekomendasikan di freakshare.net.ada apa ya?,kenapa ngga ziddu aja?kan udah terbukti membayar dollar.menyikapi pertanyaan tersebut,ziddu sekarang sudah mulai menurun pelayannya.saya sering mengalami error saat download di ziddu dan banyak pop-up bermunculan [maaf ya gan file download-an ane sementara ini masih di ziddu ].
Yap,untuk kedepannya ane usahain pindahin semua ke file hosting yang lebih baik [kalau sempet ].tentunya di freakshare.net.freakshare merupakan alternative lain mendapatkan keuntungan dari setiap file yang didownload dan mengikuti program affiliasinya.tergantung agan maunya yang mana?dua-duanya juga malah lebih bagus.komisi yang kita peroleh dari freakshare bukanlah mata uang $dollar,melainkan €Euro.wow,,malah lebih mantabb lagi gan.detailnya

Earn up to 40 € for 1000 Downloads.
For every advertised Premium Account you earn 1 €
We pay you 10% from the money earned from affiliates who you referred to our Service [1 € = $ 1,22]
min upload 5MB/file,PayOut min 20€Euro [Paypal]

Nah gimana gan,seru kan.daftarnya gratiss,,tiss,,tiss dan tidak membatasi dari negara mana saja boleh kok.Sedikit Tips dari ane: gimana caranya dapetin €€ dengan mudah dan cepat?.pertama,posting keforum-forum besar gan.seperti kaskus danlebih cepetnya lagi gabung di forum luar yang jumlah membernya paling banyak.biasanya di forum negara indya [belasan juta member],china[puluhan juta member,hanya saja bahasanya ngga ngerti kanji semua].dan untuk file yang paling laku didownload adalah file video Por*n* gan :-p .intinya,sebarkan link download freakshare kamu sebanyak-banyaknya dan sertakan file gambar yang menarik pada saat posting,gunanya untuk memancing downloader.biar cepet laku file kita gan .ya sudahlah ngga usah lama-lama lagi deh gan,mending langsung join dan upload filenya+mari berburu Euro bersama-sama.tenang aja gan,gratis sepanjang masa.

OpenFiler 2.99 - Attempted to Create Software Raid 1 Array - Failed...

2011-06-08T10:06:00.000+08:00

Heres the code you need to get RAID1 working on Openfiler 2.99:

You need to type the following commands into the shell.

Code:
conary update mdadm=openfiler.rpath.org@rpl:devel/2.6.4-0.2-1

This will install the correct mdadm files, once installed type the next command in.

Code:
ln -s /sbin/lvm /usr/sbin/lvm

This ensures that the GUI is populated correctly.
This will then allow you to create all of the software RAID types without issue.

I extracted this info from here: http://www.everything-virtual.com/?p=349

Dionea - Honeypot

2011-04-01T11:39:00.001+08:00

Copy N Paste from

http://networkdefense.com.au/2010/06/12/first-experiences-with-dionaea/

After a lot of reading, a few very late nights, and a fair bit of indecision I decided to install Dionaea. It was down to mwcollectd or Dionaea as my next choice for a 30 day test, but I had quite a few issues getting mwcollectd running properly. I think this is mostly due to my lack of experience compiling stuff in linux, and also not understanding what to do when things fail or don't compile as expected. So I moved on and began to follow Markus' extensive Dionaea install documentation.

My first few attempts failed, in epic fashion. Initially for some unknown reason I decided to install Python 3 from testing... even though the documentation says to compile it. This brought up issues with sqlite3, again frustrating but a good learning experience. Follow the doco! In the end I had to make a slight modification to the ./configure script when compiling Dionaea, as Cython was not being found. Other than that the install was very smooth. I installed Dionaea under Debian 64bit, chose KDE graphical install and left the 'Standard System' and 'Desktop Environment' options checked.

I thought it would be a good idea to post the steps I took to install Dionaea, not sure if it is of use to anyone else. It's basically just a rehash of Markus' documentation.

1. Stuff from APT
apt-get install libglib2.0-dev libssl-dev libcurl4-openssl-dev libreadline-dev libsqlite3-dev python-dev libtool automake autoconf build-essential subversion git-core flex bison pkg-config

2. gettext / glib
apt-get install gettext
wget http://ftp.gnome.org/pub/gnome/sources/glib/2.20/glib-2.20.4.tar.bz2
tar xfj glib-2.20.4.tar.bz2
rm glib-2.20.4.tar.bz2
cd glib-2.20.4/
./configure --prefix=/opt/dionaea
make
make install
cd ..

3. liblcfg
git clone git://git.carnivore.it/liblcfg.git liblcfg
cd liblcfg/code
autoreconf -vi
./configure --prefix=/opt/dionaea
make install
cd /usr/local/src

4. libemu
git clone git://git.carnivore.it/libemu.git libemu
cd libemu
autoreconf -vi
./configure --prefix=/opt/dionaea
make install
cd ..

5. libnl (optional)
git clone git://git.kernel.org/pub/scm/libs/netlink/libnl.git
cd libnl
autoreconf -vi
export LDFLAGS=-Wl,-rpath,/opt/dionaea/lib
./configure --prefix=/opt/dionaea
make
make install
cd ..

6. libev
wget http://dist.schmorp.de/libev/Attic/libev-3.9.tar.gz
tar xfz libev-3.9.tar.gz
rm libev-3.9.tar.gz
cd libev-3.9
./configure --prefix=/opt/dionaea
make install
cd ..

7. Cython
wget http://cython.org/release/Cython-0.12.1.tar.gz
tar xfz Cython-0.12.1.tar.gz
rm Cython-0.12.1.tar.gz
cd Cython-0.12.1
python setup.py build
python setup.py install

8. sqlite3
apt-get install sqlite3

9. Python 3.1.2
wget http://python.org/ftp/python/3.1.2/Python-3.1.2.tgz
tar xfz Python-3.1.2.tgz
rm Python-3.1.2.tgz
cd Python-3.1.2/
./configure --enable-shared --prefix=/opt/dionaea --with-computed-gotos \
--enable-ipv6 LDFLAGS="-Wl,-rpath=/opt/dionaea/lib/"
make
make install
cd ..

10. libxml2-dev
apt-get install libxml2-dev

11. libxslt1-dev
aptitude install libxslt1-dev

12. lxml
wget http://codespeak.net/lxml/lxml-2.2.6.tgz
tar xfz lxml-2.2.6.tgz
rm lxml-2.2.6.tgz
cd lxml-2.2.6
/opt/dionaea/bin/2to3 -w src/lxml/html/_diffcommand.py
/opt/dionaea/bin/2to3 -w src/lxml/html/_html5builder.py
/opt/dionaea/bin/python3 setup.py build
/opt/dionaea/bin/python3 setup.py install
cd ..

13. udns
wget http://www.corpit.ru/mjt/udns/udns_0.0.9.tar.gz
tar xfz udns_0.0.9.tar.gz
rm udns_0.0.9.tar.gz
cd udns-0.0.9/
./configure
make shared
cp udns.h /opt/dionaea/include/
cp *.so* /opt/dionaea/lib/
cd /opt/dionaea/lib
ln -s libudns.so.0 libudns.so
cd /usr/local/src

14. Curl & C-ares
wget http://c-ares.haxx.se/c-ares-1.7.3.tar.gz
tar xfz c-ares-1.7.3.tar.gz
cd c-ares-1.7.3
./configure --prefix=/opt/dionaea
make
make install
cd ..

wget http://curl.haxx.se/download/curl-7.20.0.tar.bz2
tar xfj curl-7.20.0.tar.bz2
rm curl-7.20.0.tar.bz2
cd curl-7.20.0
./configure --prefix=/opt/dionaea
make
make install
cd ..

15. libpcap
wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz
tar xfz libpcap-1.1.1.tar.gz
rm libpcap-1.1.1.tar.gz
cd libpcap-1.1.1
./configure --prefix=/opt/dionaea
make
make install
cd ..

16. Dionaea (with my own changes on the Cython line from '/usr/local/bin' to '/usr/bin')
git clone git://git.carnivore.it/dionaea.git dionaea

cd dionaea
autoreconf -vi

./configure --with-lcfg-include=/opt/dionaea/include/ \
--with-lcfg-lib=/opt/dionaea/lib/ \
--with-python=/opt/dionaea/bin/python3.1 \
--with-cython-dir=/usr/bin \
--with-udns-include=/opt/dionaea/include/ \
--with-udns-lib=/opt/dionaea/lib/ \
--with-emu-include=/opt/dionaea/include/ \
--with-emu-lib=/opt/dionaea/lib/ \
--with-gc-include=/usr/include/gc \
--with-ev-include=/opt/dionaea/include \
--with-ev-lib=/opt/dionaea/lib \
--with-nl-include=/opt/dionaea/include \
--with-nl-lib=/opt/dionaea/lib/ \
--with-curl-config=/opt/dionaea/bin/ \
--with-pcap-include=/opt/dionaea/include \
--with-pcap-lib=/opt/dionaea/lib/ \
--with-glib=/opt/dionaea

make
make install

Running Dionaea
cd /opt/dionaea/bin/
./dionaea -l all,-debug -L '*'

Within moments of launching Dionaea connection attempts began pouring in, mostly rejected attempts. After around 30 minutes the first sample was received along with some interesting colours flying past - looking forward to going through the logs later this evening. Now all that's left to do is get the p0f ihandler turned on. So far things are looking promising.

Getting Dionaea up and running has been a great experience. I've learned a lot about compiling, dependencies, issues, and Debian in general. I'm very keen to see what kind of information it can produce over the coming month.

- Cooper

*update: 27th November 2010 - Updated Dionaea Install Instructions

Metasploit Framework

2011-03-25T15:59:00.002+08:00

Installation on Ubuntu Linux

The Metasploit Framework is well-supported on the Ubuntu platform. The following instructions should also apply to Kubuntu, Xubuntu, and Debian.

If these instructions do not work for your version of Ubuntu, please try the Generic Linux instructions instead.
Dependencies

Install the Ruby dependencies:
$ sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems

Install the Subversion client:
$ sudo apt-get install subversion

In order to build the native extensions (pcaprub, lorcon2, etc), the following packages need to be installed:
$ sudo apt-get install build-essential ruby-dev libpcap-dev

Metasploit Framework

Once the dependencies have been installed, download the Unix tarball from the download page and run the following commands:
$ tar xf framework-3.X.tar.gz
$ sudo mkdir -p /opt/metasploit3
$ sudo cp -a msf3/ /opt/metasploit3/msf3
$ sudo chown root:root -R /opt/metasploit3/msf3
$ sudo ln -sf /opt/metasploit3/msf3/msf* /usr/local/bin/

When you've completed this step, you should have a working installation and be able to run modules, pivot through compromised systems, and use most of the Metasploit Framework's features. The following optional installation steps will give you extra functionality.
Database Configuration (optional)
Now that the framework is installed, you'll want to configure a database connection, and enable the Metasploit Framework to connect to it:
For postgres, see postgres_setup (recommended)
For mysql, see mysql_setup
For sqlite, see sqlite_setup (not supported!!).
Extensions (optional)

The Metasploit Framework includes a few native Ruby extensions that must be compiled in order to use certain types of modules.

To enable raw socket modules:
$ sudo apt-get install libpcap-dev
$ sudo bash
# cd /opt/metasploit3/msf3/external/pcaprub/
# ruby extconf.rb
# make && make install

To enable WiFi modules:
$ sudo bash
# cd /opt/metasploit3/msf3/external/ruby-lorcon2/
# svn co http://802.11ninja.net/svn/lorcon/trunk lorcon2
# cd lorcon2
# ./configure --prefix=/usr && make && make install
# cd ..
# ruby extconf.rb
# make && make install
Updates

The Metasploit Framework is updated daily with the latest exploits, payloads, features, and bug fixes. To update your installation of the Metasploit Framework:
$ sudo svn update /opt/metasploit3/msf3/

This can also be installed into the root user's crontab:
$ sudo crontab -e -u root # enter the line below
1 * * * * /usr/bin/svn update /opt/metasploit3/msf3/ >> /var/log/msfupdate.log 2>&1

How To Delete Remembered Network Passwords In Windows

2011-02-02T09:20:00.000+08:00

A user asked in the forums about how to delete a cached password that is stored in Windows. When we want to access another computer (specifically Windows), sometimes if the remote computer requires a password to access its resources like files and printers, we have to give the username and password once and then it remains in the Windows Cache until it is restarted or logged off. And if we check the remember password option, then it remains in even after Windows restart. Here’s the method to delete cached Windows Network passwords:

Go to Start Menu –> Run –> control userpasswords2 and press Enter.

User Accounts Dialog Box will appear, Go to Advance Tab and Click on the Manage Password Button. In Stored User Names and Password press the Remove Button and Remove all users information that you want to delete.

Password Management Best Practices

2010-11-24T10:28:00.001+08:00

This document describes and justifies password management best practices as applied in medium to large organizations. It offers reasoned guidance to IT decision makers when they set security policy and design network infrastructure that includes passwords.

The guidance in this document is focused on how to best manage user passwords. It is not intended to address the special challenges and techniques that arise when managing privileged passwords, that belong to administrators, service accounts, etc.

Look for the figure marks throughout this document to find best practices.

User authentication and passwords

(1)

Definitions

* Identification

The unique identifier that a user types to sign into a system or application is that user's login ID on that system.

* Authentication

Authentication is a process by which a user proves his identity to a system -- normally when logging in.

* Authentication factor

An authentication factor is something a user presents to a system in order to prove his identity. It may be something he (and hopefully only he) knows, or proof of possession of a physical object, or a measurement of some physical characteristic (biometric) of the living human user. In other words, something the user knows, or something he has, or something he is.

* Multi-factor authentication

Multi-factor authentication means authentication using multiple factors . For example, a user might sign into a system with a combination of two things he knows, or a combination of something he knows and something he has, or perhaps something he knows, something he has and something he is.

The premise is that adding authentication factors makes it more difficult for a would-be attacker to simulate a legitimate authentication and consequently impersonate a legitimate user.

* Strong authentication

Strong authentication refers to an authentication process which is difficult to simulate. It may be based on use of multiple authentication factors or use of a single but hard-to-spoof authentication factor .

Authentication technologies

Authentication technologies may be categorized as follows:

Authentication Factor

Description

Example
Secrets: Something you know.

Secret information known only the user.

A password or PIN.
Tokens: Something you have.

A physical device possessed only be the user.

A one time password (OTP) token or smart card.
Biometrics: Something you are.

A unique, measurable characteristic of the user.

Voice print verification, fingerprint, vein pattern, retina or iris scan.

Generally, it is more secure but less convenient to use multiple forms of authentication -- e.g., a one time password token combined with a password or PIN.

These types of authentication may be further characterized as follows:

Characteristic

Secrets

Tokens

Biometrics
Reliable identification? Good Very good Excellent
Requires client-side hardware No Sometimes Yes
Requires client-side software No Sometimes Yes
Typical deployment cost/user 0 $50 $100
Works with legacy systems Yes No No

Due to cost and compatibility with legacy systems, the most popular form of user authentication continues to be a secret password.

Moreover, as non-password authentication technologies are deployed, they are usually combined with passwords to improve their security. For example, tokens are secure -- unless they are stolen, in which case the person who stole the token can impersonate the legitimate user. This is easily remedied by requiring the user to sign into systems with the OTP displayed on a token plus a password or PIN, which a thief would not know.

The remainder of this document discusses how to best manage passwords, to maximize security and minimize cost of ownership. The guidelines here apply primarily to passwords used as a single authentication factor, but can also be applied to passwords used as a second authentication factor, in conjunction with biometrics, tokens or smart cards.

Security threats

(2)

Passwords are simply secret words or phrases. They can be compromised in many ways:

* Users may write them down or share them, so that they are no longer really secret.
* Passwords can be guessed, either by a person or a program designed to try many possibilities in rapid succession.
* Passwords may be transmitted over a network either in plaintext or encoded in a way which can be readily converted back to plaintext.
* Passwords may be stored on a workstation, server or backup media in plaintext or encoded in a way which can be readily converted back to plaintext.

Each of these vulnerabilities make it easier for someone to acquire the password value and consequently pose as the user whose identity the password protects.

Conversely, if passwords are managed securely by users and if password systems are constructed so as to prevent brute-force attacks and inspection or decryption of passwords in transit and in storage, then passwords can actually be quite secure. This document will describe some of the mechanisms for securing passwords.

Human factors

(3)

Users in a large organization frequently have many passwords, each protecting their account on a different system or application. Users are people, not machines, so their ability to securely manage passwords is intrinsically limited. In particular, it is hard for most people to remember:

* Complicated passwords.
* Many different passwords.
* Passwords that change frequently.
* Passwords for systems that are used infrequently.

Without these constraints, password security would not be a problem and there would be no market for other authentication technologies. For example, if every password was changed every day, was remembered perfectly without being written down and consisted of 100 randomly chosen letters and digits, there would really be no need for authentication technologies other than passwords.

Effective password management is therefore taken to mean password management that is secure, user friendly and supportable within the confines of both technology and human behavior.

When people have trouble remembering their passwords, they usually resort to one or more of the following:

* Write down their passwords -- and reduce the security of systems to the security of their physical building, desk or wallet.
* Forget their passwords -- and require frequent assistance from an IT help desk to reset it.
* Use very simple, easily compromised passwords.
* Reuse old passwords as often as possible.

Clearly, sound password management practices must take into consideration human limitations, to reduce the frequency of these insecure practices.

Composing hard-to-guess passwords

(4)

As outlined in (2), one of the weaknesses of passwords is that they can be guessed. While a human may give up after ten or a hundred guesses, software s available to automate the guessing process and try millions of possible passwords per second:

* L0phtCrack: http://www.l0phtcrack.com/ for Windows.
* John the Ripper: http://www.openwall.com/john/ for Windows, Mac OS X or Linux.
* Many others.

To combat password guessing attack, users should pick hard-to-guess passwords. One way to do this is to ensure that the set of all possible passwords is too large to search thoroughly and then to eliminate probable guesses, which an attacker might try first.

The number of possible password combinations is calculated by taking the number of legal characters in a password and raising that number to the number of characters in the password. The possibilities for some typical combinations are shown below:

Character set

5

6

7

8

9

10
0-9 1.00e05 1.00e06 1.00e07 1.00e08 1.00e09 1.00e10
a-z 1.19e07 3.09e08 8.03e09 2.09e11 5.43e12 1.41e14
a-z,0-9 6.05e07 2.18e09 7.84e10 2.82e12 1.02e14 3.66e15
a-z,0-9,3 punct 9.02e07 3.52e09 1.37e11 5.35e12 2.09e14 8.14e15
a-z,A-Z 3.80e08 1.98e10 1.03e12 5.35e13 2.78e15 1.45e17
a-z,A-Z,0-9 9.16e08 5.68e10 3.52e12 2.18e14 1.35e16 8.39e17
a-z,A-Z,0-9,32 punct 7.34e09 6.90e11 6.48e13 6.10e15 5.73e17 5.39e19

Users should choose their passwords from the widest possible set of characters, subject to the constraints of the systems where those passwords reside. For example, most mainframes do not distinguish between uppercase and lowercase and only allow three punctuation marks (fourth row in the table above).

The policy should be based on the smallest acceptable set of possible password values. This, in turn, depends on how fast an attacker can check if a possible password is valid; how much time an attacker has to attack a given password and how log we want the attacker's probability of success to be.

This is best illustrated with an example:

1. Assumptions:
1. Encrypted passwords are not available to an attacker and consequently passwords can only be guessed at a rate of 100/second (this number is high / conservative for an over-the-network attack).

2. An attacker can make an unlimited number of guesses without being detected (this is easy to fix).

3. Passwords are changed, at most, every 90 days.

2. Objective: the attacker's probability of success should be no more than 1%.

3. Technical constraints: passwords may only contain lowercase letters, uppercase letters and digits.

4. Calculation:
1. An attacker can make 90 x 24 x 60 x 60 x 100 = 777,600,000 guesses before a password will expire.

2. There should be 77,760,000,000 possible passwords -- about 8e10.

3. From the above table, a 7 character password is sufficient, so long as users don't pick easily guessed values (e.g., their name or a dictionary word).

In practice, assuming that encrypted passwords are not available to an attacker and that passwords cannot be captured or decrypted in transit, the following policy is a often reasonable:

* To ensure that the search space is sufficiently large:
o Passwords must be at least seven characters long.
o Passwords must contain at least one lowercase letter, at least one uppercase letter and at least one digit.
o If technically possible, passwords must contain at least one punctuation mark, so long as there are many (10 or more) available punctuation marks.
* To eliminate trivial passwords, passwords should not:
o Contain the user's name or login ID.
o Contain a dictionary word, in any language that users can reasonably be expected to know.
o More than two paired letters (e.g. abbcdde is valid, but abbbcdd is not).

Some of these rules merit further discussion, since a naive implementation of the rule can actually reduce password security. Consider the rule "password should not contain a dictionary word." The letters "a" and "I" are legitimate English words, and if the rule is enforced using a dictionary that contains these, then in effect we have reduced the set of available letters from 26 to 24. To avoid this sort of problem, rules of the form "shall not contain" should be fine-tuned:

* Ignore words with 3 or fewer characters, since including such words in a dictionary check may actually make passwords easier to guess, by eliminating too many legitimate password values.
* Consider dictionary words without regard to case. "Hello12" should not be a valid password, even if the dictionary contains "hello" but not "Hello".

Unicode and other non-Latin passwords

(5)

Most password composition rules focus on how passwords composed of Latin characters (i.e., "English language" letters), digits and punctuation marks are composed.

Unfortunately, English is the native language of no more than 400 million people and is spoken by no more than 1.5 billion people -- out of a global population of over 6.5 billion people. In other words, even if other European languages that use a similar character set are included, a focus on Latin characters ignores at least 2/3 of the world's population.

This not just an academic problem. Many organizations are global in nature and include users who speak a variety of languages. A system or application whose users reside around the world needs to enforce a password policy that makes sense for all of them, not just for those who happen to prefer English.

Password management for multi-lingual users is a broad subject, but following are some important considerations:

1. Most users, in most countries, have keyboards that include most Latin characters. This means that they are able to type passwords composed of "English" letters, even if they don't read or write the language.

2. Not every system or application supports non-Latin characters in the password field. When composing an enterprise password policy, it's important to consider the limitations on the password fields of in-scope systems and applications. Failing to do this can yield a policy that is relevant to only some systems.

3. In countries where Chinese, Japanese or Korean (CJK) is spoken, text input often involves a display component. For example, a Chinese user might type the pinyin representation of a character and the input software will display a list of matching characters. The user will then choose the desired character and start on the next character.

This pattern is normal for input of text in the CJK languages but is problematic for passwords since password input should not be visible to other people in the physical vicinity.

Most CJK users avoid this problem by choosing passwords that consist only of Latin characters -- something that may surprise native English speakers.

Some best practices follow from this discussion:

1. Encourage or require users to restrict their passwords to Latin characters, both for compatibility and to avoid input methods which display the characters users type.
2. Do use a dictionary lookup to ensure that new passwords are hard to guess, and do include dictionaries of non-English words represented in Latin character sets (e.g., Pinyin, etc.).

Changing and reusing passwords

(6)

Over time, passwords may be compromised in many ways, including:

* Users may share them with friends or coworkers.
* Users may write them down and they may subsequently be exposed.
* Passwords may be guessed, either by humans or software.
* The servers that store passwords may be compromised and their passwords acquired by an intruder (encrypted, hashed or plaintext).
* The networks over which passwords travel, between a user's workstation and the system into which the user signs in may be compromised, again leading to compromise of a password.
* Users may be tricked into revealing their passwords (phishing).
* The help desk may be tricked into giving an intruder a valid password (social engineering).

To limit the usefulness of passwords that have been compromised, a best practice is to change them regularly. A common rule in many organizations is to force users to change their passwords when they log in, every 60 or 90 days.

In general, users should be required to change their passwords regularly. The password expiry interval should not be longer than 90 days.

For the same reasons, users should not reuse old passwords, as they may already have been compromised. Many systems support this by recording some representation of old passwords and ensuring that users cannot change their password back to a previously used value.

When password history is enforced, users may figure out the number of passwords stored for this purpose. As this number is usually 10 or fewer, a user who would prefer to keep his password the same may make a series of consecutive password changes where the final password value is the same as the first one.

To defeat such "smart" users, some systems also enforce a password rule that limits the number of password changes that a user can make in any given day. By making the process of defeating password history take several days, users are discouraged from trying to reuse old passwords.

A better approach, though not available on all systems, is to simply maintain an unlimited number of entries in each user's password history. Since disk storage is inexpensive, this approach is practical on modern systems. With this approach, users can change their passwords as often as they like -- and still never be able to reuse old ones.

Keeping passwords secret

(7)

Passwords are intended to reliably differentiate between the authentic user and impostors. As such, they must be secrets -- known only to the user they identify.

Users frequently behave in ways that lead to password disclosure. In particular, users may:

* Choose passwords which are easily guessed -- so are not really secret.
* Share their passwords with coworkers, friends or family.
* Write down their passwords and place the written password near their computer or in a supposedly private place like a wallet.

A comprehensive password policy should explicitly forbid these behaviors and specify negative consequences to users who violate the policy.

To help users comply with an effective password policy, user friendly password management tools and processes should be provided. Key among such aids to users are password synchronization and single sign-on.

With either synchronized or automatically filled-in passwords, users have fewer passwords to remember so they are less likely to write down their passwords.

Intruder detection and lockout

(8)

Many systems can detect repeated attempts to sign into an account with incorrect passwords. A pattern of failed logins may be due to:

1. Typing problems. For example, the user may have the Caps Lock or Num Lock key enabled and not realize it.
2. A forgotten password.
3. The wrong password being used. For example, the user may be trying to sign into system A using the password for system B.
4. An intruder trying to sign into an account by guessing the legitimate user's password.

To deter the last of these, it's reasonable for a system that detects too many invalid attempts during a short period of time to lock out the user's account and prevent further attempts, at least for a while. This is called an intruder lockout.

Many systems include an "intruder lockout" feature. If N invalid attempts to login to the same account are made during an interval of Tdetect minutes, then the account is disabled for Tlockout minutes.

While this mechanism is effective against concerted attacks against a single account, it does nothing to prevent an intruder from simultaneously trying to guess the passwords of many users. A more sophisticated mechanism might extend this as follows: If M invalid login attempts are made from network address A, to any account, during an interval of Tdetect minutes, then the address A is disabled for Tlockout minutes.

This will deter intruders with access to just a single network device/address from which to carry out their attack.

Intruder lockout also has a down side -- it can be used to carry out a denial of service -- by systematically locking out many accounts, including administrator IDs.

Because of these fundamental limitations, the best practice is to combine several intruder lockout-related policies:

* Apply only to users, exempting at least one administrator login. This limits the scope of denial of service attacks.
* A compensating control is required here, such as requiring administrator IDs to have very complex passwords that are changed more frequently than user passwords. This way, they cannot be guessed (too hard) or locked out (feature not available).
* Apply a high threshold for intruder detection -- for example, 10 failed login attempts in 5 minutes. This prevents spurious lockouts caused by users who have trouble remembering or typing their own passwords.
* Automatically and quickly clear lockouts -- for example, after 10 or 15 minutes. This reduces the impact on legitimate users while continuing to significantly impair the ability of intruders to make bulk password guessing attacks.

Encrypting passwords in storage and transit

(9)

Passwords may be stored on user workstations or servers. They must be transmitted, in some form, from the user's workstation to a server when the user signs into systems and applications.

Most organizations are powerless to improve the manner in which existing infrastructure uses encryption to protect passwords. However, staff responsible for developing a new applications that include password authentication can and should take effective precautions, such as storing passwords using a well-known and trusted hashing algorithm such as SHA-256 or (somewhat less effective, but still infeasible to find a collision in 2010) SHA-1.

Passwords transmitted from a client device to a server are similarly subject to weaknesses in the protocol used by the relevant application. For example, Telnet and TN3270 are plaintext while SSH and SSL are strongly encrypted. Where password security is important and where one cannot trust the physical security of all communication media between a user and the systems he logs into, then additional mechanisms, such as IPSec should be considered to protect that communication.

Some client devices and applications cache passwords and automatically provide them to servers on behalf of users, as required. Cached passwords should also be cryptographically protected, but in this case encryption rather than hashing is required, since the password must be recoverable.

In some cases, the protocol provided by a vendor may encrypt passwords when they are used to login to a system, but not when a password change is transmitted. This happens with Oracle SQL*Net, for example. In these cases, if password management software is deployed, it is helpful for that software to implement its own encryption for password transmission, beyond that provided natively by the application vendor.

Synchronizing passwords

(10)

Password synchronization technology helps users to maintain the same password on two or more systems. This, in turn, makes it easier for users to remember their passwords, reducing the need to write down passwords or to call an IT help desk to request a new password, to replace a forgotten one.

There is some debate as to whether password synchronization makes systems more secure or less. The arguments are as follows:

* Synchronization reduces security:

If a single system is very insecure, then compromising that system will give an intruder the passwords for every other system which uses synchronized passwords.

This weakness is avoided by requiring that users employ unsynchronized passwords on such weak systems.

* Synchronization improves security:

Users with many passwords have trouble remembering them and consequently tend to write them down. System security is reduced to the security of a piece of paper -- i.e., close to zero.

In practice, it is very difficult to get users who have many passwords to stop writing them down. The two arguments above therefore can be restated as:

* Synchronized passwords: as secure as the least secure system in scope.
* Unsynchronized passwords: as secure as slips of paper.

Since most systems and applications make at least some effort to protect their passwords, synchronized passwords are normally more secure. To mitigate the risk of a single system compromise being leveraged by an intruder into a network-wide attack, there are some password management guidelines to follow:

* Very insecure systems, such as those that use little or no cryptography to protect passwords, should not participate in a password synchronization system.
* Synchronized passwords should be changed regularly, on the assumption that either some in-scope systems are vulnerable or that passwords may be compromised through non-digital means (social engineering, etc.).
* Users should be required to select strong (hard to guess) passwords when synchronization is introduced.

The bottom line is that a single, hard-to-guess, regularly changing password is normally more secure than multiple passwords, some of which may be easy to guess, some of which may not be changed regularly and all of which may be written down.

Single sign-on

(11)

Single sign-on (SSO) is any technology that replaces multiple, independent system or application login prompts with a consolidated authentication process, so that users don't have to repeatedly sign in.

Taxonomy of SSO Systems

There are several types of single sign-on systems:

1. Enterprise SSO -- application login prompts continue to ask users to type their login IDs and passwords, but software on the user's PC automatically automatically identifies and fills in these dialogs.

2. Agent-based web SSO -- agents on each web application check whether the incoming web browser (and by extension, its user) has already been authenticated. If so, no further authentication is required.

3. Proxy-based web SSO -- web browsers access web applications through a proxy, which looks up user credentials and injects them into the data stream sent to each web application.

4. Kerberos -- authentication is performed using a separate infrastructure, outside of other systems and applications. Users sign into the Kerberos infrastructure and their computer receives a token, which can be offered to Kerberos-enabled applications instead of filling in a login prompt.

5. Federation -- similar to Kerberos, but designed to allow single sign-on between different organizations (administrative domains). Users sign into a system in one domain and when they try to access an application in another domain, a security assertion is forwarded from their source domain indicating who they are.

Security of SSO Systems

When organizations consider various approaches to single (or reduced) sign-on, they generally need to know:

* Is it secure?

The short answer, in general, is "yes."

The longer answer is more nuanced:
o Strength of the initial authentication:

SSO works by extending the reach of some initial authentication step. So long as that step is robust, subsequent application logins can also be trust worthy. In other words, if users sign into the SSO system with a strong password (as described elsewhere in this document) or using a two-factor technology such as OTP+PIN, Smart card+PIN or biometric+password, then the SSO infrastructure rests on a robust platform. On the other hand, if the SSO system depends on a weak password or PIN, on a proximity card, on a single physical authentication factor (which could be stolen) or on an easily recorded biometric, then the entire system is vulnerable.

o Strength of stored credentials:

Some of the SSO approaches described above depend on assertions, while others depend on the injection of login IDs and passwords into application login prompts. The latter set includes enterprise SSO and proxy-based web SSO.

Injection of application passwords depends on reliable, secure storage of those passwords. This raises the question of where and how these passwords are stored and how a user's SSO agent is authenticated before it is allowed to retrieve these passwords.

For example, if biometrics or proximity badges are used to authenticate users, how can a key be securely generated to decrypt application passwords? If a weak password is the primary means of authentication, what is to stop an attacker from guessing the encryption key that protects other passwords?

* Is it more or less secure than password synchronization?

The answer here is also nuanced, and depends on how users sign into the SSO system in the first place.

o Users sign into SSO with a password:

If password synchronization covers only secure systems, whose password databases have been protected against attack using strong encryption, good password composition rules, regular changes, history, intruder lockout, etc., then the security difference between SSO and synchronization is the difference between compromising a single robust password database (the one used to sign into the SSO system) and compromising any one of several such systems. i.e., infeasible in either case.

o Users sign into SSO with a weak authentication factor:

If users with into the SSO system using a weak password, proximity badge or single physical authentication factor, then the energy that an attacker must expend to compromise all credentials is lower than what the attacker would have to expend to compromise one of several strong password systems.

o Users sign into SSO with a strong authentication factor:

If users with into the SSO system using a two-factor technology or strong password, then the energy that an attacker must expend to compromise all credentials is at least as high as what the attacker would have to expend to compromise one of several strong password systems, with the possible exception of injected passwords (see enterprise SSO and proxy-based web SSO above) with a vulnerable encryption key management scheme.

IT support for forgotten and locked out passwords

(12)

Sometimes users forget their passwords or type the wrong one often enough to trigger an intruder lockout. When this happens, users generally call their IT help desk and ask for the lockout to be cleared or the password to be reset.

The help desk process normally proceeds as follows:

1. User experiences problems trying to log in.
2. User calls the help desk and may wait in a service queue.
3. Support analyst asks the user for his name and a problem description.
4. Support analyst asks the user for information to prove his identity (i.e., authentication of a human by a human).
5. Support analyst compares this information with some on-line resource.
6. If the user is authenticated, the support analyst will generally do one of three things:
1. Reset the forgotten password.
2. Clear the intruder lockout.
3. Forward the support incident to another IT support person, who has the requisite privileges to perform one of the above functions.
7. The user tries to log in with the newly assigned password.
8. The user may be required to change the new password immediately.

Security challenges

The process described above may be vulnerable to security weaknesses:

* The IT support analyst may forget to authenticate the user at all.
* Information suitable for authenticating the caller may not be available to the IT support analyst.
* Information about caller may be easy for an attacker to guess, making the whole process vulnerable to "social engineering" attacks.
* Many IT staff need to be able to reset passwords and clear lockouts for this process to work effectively. This proliferation of privileged accounts (i.e., those of the IT staff) creates an unnecessarily large attack surface.
* Password resets on some systems may not be traceable back to in individual IT support analyst. This creates a lack of accountability and allows IT analysts to compromise user accounts without consequences.
* The support analyst knows the user's new password at the end of the process, so it is no longer truly secret. This is especially problematic when newly reset passwords do not immediately expire.

Mitigating controls

These problems can be overcome through:

* IT support training, to ensure robust authentication of callers prior to every password reset.
* Ensuring that reliable authentication information is available for every user -- including employees, contractors, etc.
* Providing an application proxy that resets passwords on behalf of IT support staff. This way, both IT staff and callers are authenticated before a password can be reset. This reduces the number of privileged accounts and ensures the the process is consistent and secure.
* Allowing users to reset their own forgotten passwords and/or clear their own lockouts, after suitable non-password authentication -- i.e., self-service password reset. This reduces the number of privileged accounts, enforces a robust authentication process and removes the situation where an IT support analyst knows the user's new password.

User authentication

It is important to ensure that users who request a password reset, either by calling the IT support help desk or using self-service, are reliably authenticated. Following are some practical considerations when designing a non-password authentication system:

* One-time-password tokens, smart cards and biometrics are generally more reliable than security questions, because of the vulnerability of security questions to social engineering attacks.
* Where security questions are used (for example, due to their lower cost or easy availability):
o As many questions as possible should be used.
o The difficulty of guessing the answer to each question should be estimated. The total difficulty of guessing enough answers to authenticate as a user should be approximately the same as the difficulty of guessing a user's password.
o Users should provide answers to both personally-chosen and standardized questions. In the former, the questions are harder to guess but answers are sometimes easy to guess. In the latter, the questions are well known to would-be
o A randomly chosen subset of a user's available security questions should be chosen, to make guessing harder for attackers with a limited set of information about a user.
o Intruder lockout should apply to authentication with security questions just as it does to passwords.

Sample security questions are provided in [link].

(13)

Questions with textual answers

Sample security questions, which may have alpha-numeric questions and so are suitable for a text user interface, include:

* Which bank branch do you live closest too?
* What car do you wish you owned?
* What is your favorite food?
* Who is your favorite book character?
* What is your favorite game or sport?
* What is your favorite movie?
* What is your favorite pizza topping?
* What is your favorite restaurant?
* What is your favorite season of the year?
* What is your favorite sports team?
* In which department did you first work?
* What was your first position in the company?
* What was your first car?
* Who is the person you admire the most?
* What was the most memorable day in your life?
* Who was your childhood hero?
* What is the nickname of your sibling?
* Who was your first boss?
* What award are you proudest of?
* What city were you born in?
* What is the farthest from home you have traveled?
* What is the name of the first school you attended?
* What is the name of the first person you were romantically interested in?
* What is your astrological sign?
* What is your father's middle name?
* What is your mother's' middle name?
* Who is your favorite actor, actress or celebrity?
* What is your favorite musical band?
* What is your favorite beverage?
* What is your favorite board game?
* Who is your favorite book character?
* What is your favorite dessert?
* What is your favorite hobby or pastime?
* What is your favorite ice cream topping?
* What is your favorite song?
* What is your favorite television show?
* What is your favorite vacation spot?
* What is your mother's maiden name?
* What is your place of birth?
* What is your school team's mascot name?
* What was the breed of your first pet?
* What was the color of your first automobile?
* What were the make and model of your first car?
* What was the name of a favorite childhood pet?
* What was the name of your first girlfriend/boyfriend?
* What was the street name of your childhood home?
* What was your favorite toy when you were a child?
* What did you do on your first job?
* What was your first phone number as a child?
* What year did you purchase your first car?
* What was the name of your first pet?
* Who is your favorite politician?
* Who is your most disliked politician?
* Who is a famous, living person you would most like to meet?
* Who was a famous, now deceased person you would have liked to meet?
* Who is your favorite artist?
* Who is your favorite author?
* With whom did you share your first romantic kiss?
* Who was your favorite elementary school teacher?

Questions with numeric answers

Sample security questions, that have numeric answers and so are suitable for authentication using a touch-tone phone, include:

* What is your favorite radio station (number on the dial - NNNN)?
* In what year did you start with your company?
* On what date were you hired?
* What is your parents' wedding anniversary date?
* Type a significant date in your life (YYYYMMDD)?
* What are the last 4 digits of your SSN?
* What are the last 4 digits of your home phone?
* What is a birth date of a family member?
* What is a relative's telephone number that is not your own?
* What is the date of your anniversary [mm/dd/yyyy]?
* What is the mileage distance you live from your furthest relative?
* What is your Country or employee identification number?
* What is your date of birth (MM/DD/YYYY)?
* What is your driver's license number?
* What is your favorite dial number of radio station?
* What is your favorite or lucky number?
* What is your passport number?
* What is your social security number?
* On what year you will be eligible to retire?

Appendix: References

(14)

This document was prepared by Hitachi ID Systems and reflects expertise with password management accumulated through many deployments of Hitachi ID Password Manager (formerly P-Synch).

* About Hitachi ID Systems:
o http://Hitachi-ID.com

* About Password Manager:
o http://Password-Manager.Hitachi-ID.com

* Password guessing programs:
o http://sectools.org/crackers.html
o http://www.l0phtcrack.com/
o http://www.openwall.com/john/
o ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack/

* NIST / FIPS documents about password management:
o http://www.itl.nist.gov/fipspubs/fip112.htm
o http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

* Best practices for managing passwords for privileged users (as opposed to normal users):
o http://privileged-password-manager.hitachi-id.com/docs/privileged-password-management-best-practices.html

* Unicode and code pages (for multi-lingual users):
o http://unicode.org/
o http://msdn.microsoft.com/en-us/goglobal/bb964654.aspx
o http://msdn.microsoft.com/en-us/goglobal/bb964656.aspx

* Password cracking and password security:
o http://en.wikipedia.org/wiki/Password_cracking
o http://www.cs.unibo.it/%PERCENT montreso/doc/papers/Morris-PasswordSecurity.pdf

* Choosing secure passwords:
o http://www.schneier.com/blog/archives/2007/01/choosing_secure.html

* Disabling LAN Manager passwords on AD:
o http://support.microsoft.com/kb/299656

* Cryptographic hash functions:
o http://en.wikipedia.org/wiki/Cryptographic

* IPSec:
o http://en.wikipedia.org/wiki/IPsec
o http://www.securityfocus.com/infocus/1519
o http://www.ipsec-howto.org/

Kisah Genius Islam Ibnu Sina

2010-10-08T17:20:00.000+08:00

Rencah Oleh: blalang

"Ibnu SinaSemoga biografi ringkas Ibnu Sina ini boleh meningkatkan motivasi kita-kita semua dalam menuntut ilmu dan mengamalkannya dalam kehidupan kita

Nama penuh beliau ialah Abu Ali al Husain ibn Abdullah ibn Sina dan lebih dikenali di masyarakat Eropah dengan sebutan “Avicenna”. Nama panggilan lain beliau selain Ibnu Sina adalah Abu Ali. Beliau adalah salah seorang genius yang mahir dalam pelbagai cabang ilmu.

Beliaulah orang yang membuat ensiklopedia terkemuka dan pakar dalam bidang agama, perubatan, falsafah, logik, matematik, astronomi dan muzik. Selain itu beliau juga seorang pustakawan dan pakar psikiatri yang handal.

Ibnu sina dilahirkan di Afsyinah, sebuah kampung yang terletak berhampiran Bukhara (Republik Uzbekistan) tahun 370 H / 980 M. Ayah Ibnu Sina adalah seorang gabenor Samanite yang ditugaskan di Bukhara. Beliau berasal dari Balakh kemudian berpindah ke Bukhara pada zaman pemerintahan Al-Amir Nuh bin Mansur dan tinggal di perkampungan kecil di Bukhara yang bernama Khirmitan. Namun akhirnya beliau menetap di Afsyanah kerana berhampiran dengan tempat kerjanya. Sejak kecil beliau telah memperlihatkan kepintarannya yang cemerlang dan kemajuan yang luar biasa dalam menerima pendidikan. Ibnu Sina kecil yang tangkas mula belajar al-Quran pada usia 5 tahun. Sejak usia lima tahun itu Ibnu Sina telah mendapatkan pendidikan al-Quran dan sastera dari ayahnya. Pada usia sepuluh tahun ia sudah hafal al-Quran, menguasai ilmu sastera, tasawuf, dan geometri. Belum genap usia 16 tahun, Ibnu Sina sudah menguasai ilmu perubatan. Semasa itulah dia bermula merawat pesakit. Segala kerja kerasnya selama ini berhasil. Ketekunannya dalam mempelajari pelbagai disiplin ilmu menjadikannya pakar dalam berbagai ilmu.

Kemudian nama Ibnu Sina mula dikenali ramai orang. Bahkan di negeri jiran pun, beliau menjadi bahan perbualan.Ramai orang dari negeri jiran datang berjumpa beliau untuk berbincang. Berduyun-duyun penduduk dari berbagai negeri datang untuk berguru dan berubat pada beliau. Ibnu Sina tak pernah berhenti belajar demi mengembangkan keilmuannya. Walaupun selalunya dia tertidur kelelahan. Di usia 17 tahun, di tengah usahanya untuk menyembuhkan penyakit baginda Nabi Nuh bin Mansur, ia terus mengembangkan ilmunya. Sebagai penghargaan raja atas jasanya yang berjaya menyembuhkan raja. Baginda meminta Ibnu Sina menetap di istana, sekurang-kurangnya untuk sementara semasa raja dalam proses penyembuhan. Tapi Ibnu Sina menolaknya dengan halus, sebagai gantinya ia hanya meminta izin untuk mengunjungi sebuah perpustakaan kerajaan yang kuno dan antik. Siapa sangka, dari sanalah ilmunya yang luas ditambah lagi semangat belajarnya yang tinggi. Ia tidak pernah melewatkan waktu sedikitpun untuk bermalas-malasan. Beberapa karyapun telah dilahirkan. Selama 1,5 tahun Ibnu Sina jarang tidur, penuh dengan berbagai ilmu dan analisa. Semangat belajarnya kuat sekali. Ibnu Sina selalu memikirkan ilmu yang sedang dipelajarinya sampai ia memahaminya. Ibnu Sina tidak hanya belajar teori tetapi juga mempraktikkannya. Pengalaman ilmunya terhadap apa yang dipelajari semakin luar biasa.

Ibnu Sina tak pernah berhenti belajar. Ilmunya semakin matang dan mendalam. Pada usia 21 tahun, Ibnu Sina berjaya membuat buku pertamanya, Al-Majmu ‘ketika berada di Khawarazm yang mengandungi berbagai ilmu pengetahuan yang lengkap. Beliau menyelesaikannya berdasarkan semua disiplin ilmu yang dipelajarinya. Ketika terjadi kekacauan di Kerajaan As-Samani, Ibnu Sina mula melakukan pengembaraan. Beliau keluar dari Bukhara menuju Karkang. Dari situ beliau berpindah ke Jarjan dan Khurasan. Namun demikian, pada akhirnya Ibnu Sina meninggalkan kedua-dua negara tersebut menuju ke Dahastan. Setelah itu, Ibnu Sina kembali ke Jarjan dan bertemu dengan Juzjani. Di Jarjan, Ibnu Sina menjadi menteri sebanyak dua kali. Meski demikian, beliau tidak pernah berhenti menulis, mengajar, dan mengarang. Malam hari, beliau mengajar dan pagi hari beliau bertolak ke pejabat Kementerian tempat beliau tugaskan. Buku yang ditulis Ibnu Sina lebih kurang 250 judul, termasuk kitab, esei, dan artikel dalam bidang matematik, mantik, akhlak, fizik, perubatan dan falsafah.

“>Ibnu Sina

Buku-buku yang pernah dikarang oleh Ibnu Sina, dihimpun dalam buku besar Essai de Bibliographie Avicenna yang ditulis oleh Pater Dominician di Kaherah. Karya-karya beliau semasa hidupnya antara lain:

1. Kitab Al Majmu ‘, tentang ilmu pengetahuan yang lengkap ditulis saat beliau berusia 21 tahun.
2. Kitab Asy-Syifa, (The Books of Recovery / The Books of Remedy), tentang cara-cara rawatan beserta ubatnya (18 jilid). Kitab ini di dunia perubatan menjadi ensiklopedia falsafah perubatan. Dalam bahasa latin kitab ini dikenali dengan nama “Sanatio”.
3. Kitab Al Qanun Fit Thibb (Canon of Medicine). tentang cara rawatan yang sistematik (16 jilid). Memuatkan kenyataan yang tegas bahawa darah mengalir terus-menerus dalam suatu lingkaran dan tidak pernah berhenti. Buku ini sejak zaman Dinasti Han di China telah menjadi rujukan standard karya-karya perubatan cina.

Photobucket
Bab Mata dalam buku Qanun at thib.

4. Kitab Remedies for the Heart, mengandungi sajak-sajak. Mengandung sajak-sajak perubatan yang menghuraikan tentang 760 jenis penyakit beserta cara pengubatannya.
5. Kitab An Najah, tentang falsafah.
6. Penemuan tentang anatomi tubuh. Ibnu Sina percaya bahawa setiap tubuh manusia terdiri daripada empat unsur iaitu tanah, air, api dan angin. Keempat unsur itu memberi sifat lembap, sejuk, panas, dan kering serta sentiasa bergantung pada unsur lain yang terdapat pada alam ini.
7. Penemuan tentang rawatan psikomosaik. Beliau mengembangkan ilmu diagnosis melalui denyutan jantung (pulse diagnosis) untuk mengetahui secara pasti keseimbangan emosi seseorang dalam beberapa saat.
8. Penemuan di bidang kimia tentang logam. Beliu menerangkan bahawa benda-benda logam sebenarnya berbeza antara satu dengan yang lain secara khusus. Setiap logam membentuk dengan sendirinya dengan pelbagai jenis. Beliau dianggap penerus dari perkembangan ilmu kimia yang telah dirintis oleh Jabir Ibnu Hayyan (Bapa Kimia Muslim Pertama).
9. Penemuan di bidang geografi tentang asal usul lembah.
10. Penemuan tentang peredaran darah. Beliau mendapati bahawa “Darah mengalir terus menerus dalam suatu lingkaran dan tidak pernah berhenti.”
11. Kitab Fi Aqsamil Ulumil Aqliya (On the Division of the Rational Sciences) tentang pembahagian ilmu-ilmu rasional.Kitab An Nayat (Book of Deliverence) buku tentang kebahagiaan jiwa (merupakan sebuah buku psikologi.
12. Kitab Risalah As Siyasah (Book of Politics) tentang politik.
13. Penemuan di bidang bahan perubatan.
14. Penemuan dalam bidang psikoterapi.
15. Kitab Al Musiqa, tentang muzik.
16. Kitab Al Mantiq, tentang logik. Buku ini dipersembahkan untuk Abu Hasan Sahil.
17. Kitab Uyun Al Hikmah (10 jilid) tentang falsafah. Ensiklopedio Britanica menyebutkan bahawa kemungkinan besar buku ini telah hilang.
18. Kitab Al Hikmah El Masyriqiyyin, tentang falsafah timur.
19. Kitab Al Insyaf tentang keadilan sejati.
20. Kitab Al Isyarat Wat Tanbihat, tentang prinsip ketuhanan dan sembahyang.
21. Kitab Al Isaguji (The Isagoge), tentang logik
22. Kitab Fi Ad Din (Liber de Mineralibus) tentang mineral.
23. Kitab Al Qasidah Al Aniyyah, tentang prosa.
24. Kitab Sadidiya, tentang perubatan.
25. Kitab Risalah At Thayr, tentang karangan roman.
26. Kitab Danesh Nameh, tentang falsafah.
27. Kitb Mujir. Kabir Wa Saghir, tentang dasar-dasar ilmu logik secara lengkap.
28. Salama wa Absal, Hayy ibn Yaqzan, al-Ghurfatul Gharabiyyah (Pengasingan di Barat) dan Risalatul Thayr (Risalah Burung).

Ibnu Sina

Karya Ibnu Sina Berupa Kitab Al Qanun Fit Thibb (Canon of Medicine) telah digunakan sebagai buku teks perubatan di pelbagai universiti di Perancis. Misalnya di Sekolah Tinggi Perubatan Montpellier dan Louvin yang telah menggunakannya sebagai bahan rujukan pada abad ke-17 M. Sementara itu, Prof. Phillip K. Hitti telah menganggap buku tersebut sebagai “Ensiklopedia Perubatan”. Buku ini telah membincangkan serta membahas tentang penyakit saraf. Arahan tersebut juga membahas cara-cara pembedahan yang menekankan tentang keperluan pembersihan luka. Bahkan di dalam buku-buku tersebut juga dinyatakan keterangan dengan lebih jelas disamping gambar-gambar dan sketsa-sketsa yang sekaligus menunjukkan pengetahuan anatomi Ibnu Sina yang luas.

Penulis-penulis barat telah menganggap Ibnu Sina sebagai “Bapa Perubatan” kerana beliau telah menggabungkan teori perubatan Yunani Hipocrates dan Galen dan pengalaman dari ahli-ahli perubatan dari India dan Parsi serta pengalaman beliau sendiri, Ibnu Sina meninggal pada tahun 1073, semasa kembali ke kota yang disukainya Hamadhan. Walau beliau sudah meninggal, namun berbagai ilmunya sangat berguna dan digunakan untuk penyembuhan berbagai penyakit yang kini diderita umat manusia.

Beliau sudah tiada, tapi akan selalu menemani kita. Sekarang, kita harus meneruskan setiap karyanya. Jangan sampai kita hanya boleh bernostalgia dengan membaca sejarah beliau. Ikrarkan dalam hati bahawa “Kita boleh seperti beliau, beliau boleh begitu juga kita”. Jangan kita hanya kagum sahaja tapi kita tidak mahu menggali ilmu yang beliau tinggalkan. Sebab ilmu yang beliau tinggalkan tidak kita pergunakan dan kembangkan dengan baik. Malah, orang barat yang mengembangkannya. Sudah masanya kita bangkit dan kita capai kegemilangan islam dengan ilmu pengetahuan serta iman dan taqwa.

credit to tranungkite

Installing a minimal Ubuntu installation with a minimal Gnome desktop

2010-02-20T17:46:00.002+08:00

Original Post are from http://linuxuser.se/~lassekongo83/2009/05/installing-a-minimal-ubuntu-installation-with-a-minimal-gnome-desktop/

Don’t mind my old guide, this one will explain it a bit better. If you’re like me and don’t like all the software Ubuntu comes with by default you can install a minimal base system without any extra software like OpenOffice, Evolution, Gnome Games for example. You could also install Debian only if you prefer a very stable system. I prefer Ubuntu though because of the more recent up to date software in the repositories.

Getting started

If this is the first time that you install a minimal Ubuntu installation you can test it in a virtual machine before you install it on your main computer. I highly recommend that. Even if it’s a very easy process you may get trouble later on. Try VirtualBox if you want to test it in a virtual machine. You’ll now need the Alternate installation CD – http://www.ubuntu.com/getubuntu/downloadmirrors#alternate or the minimal installation CD – https://help.ubuntu.com/community/Installation/MinimalCD

When the Alternate CD is booted you must select your language. Then press F4 and select Install a command-line system. Press enter and start installing. The installation process should be quite straightforward if you have an internet connection and all. No need for me to explain all the easy steps. Same goes for the minimal CD except that you need to type CLI before you start the installation instead of pressing F4.

Installing a graphical user interface

So your system is up and running and you’re logged in with your new user in the command line. Now for the fun, building your own installation with the software you want. Before you continue, run sudo apt-get update && upgrade to upgrade your Ubuntu installation to the more recent up to date software. Now you need a user interface, run: sudo apt-get install xorg gdm gnome-core to get a graphical login manager and a minimal Gnome desktop. The current system isn’t very pretty when you start Gnome, to change this you can install some gtk-engines and themes with sudo apt-get install gtk2-engines human-theme. Now it’s all up to you what software you want to use, so check http://packages.ubuntu.com/ to see what software you need. You’ll probably want a browser and an archive-manager – sudo apt-get install firefox file-roller gdebi. Have fun with the rest. Gnome without a lot of bloat feels much better.

Virtual Box - Connect to wireless network from guest OS?

2010-02-20T13:00:00.002+08:00

1. Shut down your Guest OS .
2. Open up virtual box - your Guest OS vm should be powered off
3. click on your Guest OS vm
4. click settings
5. Click Network
*If You want NAT use this configuration
6. You should have adapter 1: (Enable Network Adapter checked) Adapter type: Intel PRO/1000 MT Desktop, Attached to: NAT, Name: (blank)
7.Click on adapter 2 - here you will create a new adapter.. Adapter type: Intel PRO/1000 MT Desttop, Attached to: Bridged Adapter, Name: en1:AirPort

* If You want to use existing IP LAN,
8.In adapter 1:
- (Enable Network Adapter checked)
Adapter type: Intel PRO/1000 MT Desktop,
Attached to: Bridged Adapter Name: (blank)
8.Click OK.
9. Start your Guest OS VM and enjoy networking goodness

Reset your lost Ubuntu Password

2010-02-17T19:08:00.003+08:00

If you ever get locked out of your Ubuntu installation as I found myself to be tonight, you can reset your password quite easily using the following steps.

1.Power up your computer.
2.Press ESC at the grub menu.
3.Press e for edit.
4.Highlight the line that begins “Ubuntu, KERNEL ………” and press e.
5.Go to the end of this line, add rw init=/bin/bash and press enter.
6.Press b to boot your system.
7.Your system will boot up to a passwordless root shell.
8.Type in passwd username where username is the username you lost the password for.
9.Set your password.
10.Type in reboot.
That is it! you can now log in using your new password. You can even reset your root password here but cannot login with it at the login screen.

XP: Small, Free Way to Use and Mount Images (ISO files) Without Burning Them

2009-09-16T15:23:00.000+08:00

XP: Small, Free Way to Use and Mount Images (ISO files) Without Burning Them

Contributed by MickeyMouse August 27, 2004
ShareThis Tagged: Windows

Microsoft has an unsupported virtual CD-ROM program. Why buy alcohol or Daemon Tools?

Alcohol and Daemon Tools are excellent software packages that allow users to mount ISO files as virtual CD-ROMs. Yes, there is a way to use that ISO without burning it to a disk.

Although I love these tools, Microsoft has a free, 60kb program that does the same thing! Of course, it is not supported… and it’s not as friendly as the software listed above; however, it works and it’s free.

Here’s the download link:
winxpvirtualcdcontrolpanel

Here’s the readme:

THIS TOOL IS UNSUPPORTED BY MICROSOFT PRODUCT SUPPORT SERVICES

System Requirements
===================
- Windows XP Home or Windows XP Professional

Installation instructions
=========================
1. Copy VCdRom.sys to your %systemroot%\system32\drivers folder.
2. Execute VCdControlTool.exe
3. Click “Driver control”
4. If the “Install Driver” button is available, click it. Navigate to the %systemroot%\system32\drivers folder, select VCdRom.sys, and click Open.
5. Click “Start”
6. Click OK
7. Click “Add Drive” to add a drive to the drive list. Ensure that the drive added is not a local drive. If it is, continue to click “Add Drive” until an unused drive letter is available.
8. Select an unused drive letter from the drive list and click “Mount”.
9. Navigate to the image file, select it, and click “OK”. UNC naming conventions should not be used, however mapped network drives should be OK.

You may now use the drive letter as if it were a local CD-ROM device. When you are finished you may unmount, stop, and remove the driver from memory using the driver control.

How To Get Back Our Lost Handphone

2009-08-30T06:59:00.001+08:00

Originally from http://mikefilsaime.com/blog4/

How I Got My Lost iPhone Back From a Good Samaritan

Comments

OK – Yes. I know MobileMe offers a “Find My Phone” – But I did not have that. (Now I do.) But that means that you have to find the “location” and go knocking on doors and all that chasing stuff. Still better than never getting it back.

And yes, I know I have a $500 reward. But heck, a new iphone is $699.00 when you are not starting a plan. So that is CHEAPER for me. And for the finder, he can take my reward money and buy a new one for $299 and profit $200. So it is better for him to return it than keep it.

And yes, I know there are “apps” that do I what I am about to show you. But they suck and this is EASIER and it looks better and it is FREE.

So here is what I did to get my phone back.

Step #1 – I open the “Notes” app that comes with every iPhone.

Step #2 – I went down 3 lines before typing (This makes sure the text is not hidden by some of the iphone messages that are on when you turn on the phone.)

Step #3 – I typed THIS MESSAGE below.

Lost iPhone Message

Step #5 – I took a screen shot of the note by hitting the POWER BUTTON on the top of my iPhone and the HOME button on the front of the iPhone at the SAME TIME. (It then saves the PIC to your “Camera Roll”

Step #6 – I then went to “Settings” >> “Wallpaper” >> and chose the photo from my Camera Roll.

I hit save and I was DONE!

So now, even with the phone lock feature, this is the first thing that shows when my phone is turned on. So I do not have to worry about someone trying to figure out my password. (That wipes your phone out 100% after several wrong attempts.)

So a person will find your phone… see that message… and will realize it is their lucky day and call you. It is your lucky day too. Ask anyone that ever lost a phone.

Even if the power goes dead. Anyone that finds an iPhone charge it, with the help of a friend if needed, and see the message on Power-up.

So, I was in a cab on Firday at StomperNetLive8 In Atlanta. I left my phone in the back of a cab.

I came home on Tuesday and found a phone sent FED-X and a note saying the money was not needed but he gave the address anyways if I felt I still wanted to send it.

I called him (number was in note) to thank him and I sent him the $500 reward.

I am a happy boy!

Thanks,

Mike Filsaime

Top 10 tips to keep that new computer spyware-free

2009-03-07T05:14:00.003+08:00

This tips are very good for new computer before you start work on new laptop or pc. I found this tips when i'm searching a security matter for my laptop after format it. Let's share with you all.

December 27th, 2005

Top 10 tips to keep that new computer spyware-free

Posted by Suzi Turner @ 10:18 pm

Categories: Security and prevention

Tags:

36 TalkBacks

Got a new computer for Christmas? Are you worried about all the spyware horror stories you’ve read? You should be. I’ve heard varying numbers, but it’s said that putting an unprotected computer on a high-speed connection results in getting infected within a few minutes. I just read that the time is getting longer, but that’s not much comfort. By all means you should have a router if you’re on a high speed connection. A router provides some protection, but is only the beginning. Ok, now the new machine is booted up the first time and ready to go. It’s on the net. In this order, here’s what to do.

1. Update Windows immediately. In the Windows Security Center in the Control Panel turn on automatic download and installation for updates. Unless the computer came with a third party security suite or firewall, turn on the Windows XP firewall.

2. Update the pre-installed antivirus definitions and other security apps. Set them to auto update.

3. Download and install an alternative browser like Firefox or Opera.

4. Lockdown Internet Explorer. Yes, do it even if you use a different browser.

5. Install at least two anti-spyware apps. My top two recommended free apps are Ad-Aware and Microsoft AntiSpyware. Update definitions for both and turn on active protection in Microsoft AntiSpyware.

6. Install some free protective programs like SpywareBlaster and SpywareGuard from Javacool Software.

7. Install IE-SPYAD, which puts nearly 20,000 known dangerous domains in IE’s restricted site zone.

8. Install a HOSTS file from here or here.

9. Educate yourself on how to not become infected in the first place.

10. Surf safe and practice safe hex.

The Five-Access Point Security Plan

2008-09-26T07:43:00.003+08:00

This post is purposely to be my references, i'm taken from http://www.enterprisenetworkingplanet.com/netsecur/article.php/752421 , Please visit the original website if you want more detail.

The Five-Access Point Security Plan
April 25, 2001
By Elizabeth M. Ferrarini

An attack on your computer network can result in denial of service from an overloaded router, corrupted data transmitted across the network, unauthorized access to PCs, or the data centers themselves.

Keeping the network safe requires that you minimize an attacker's entry to each identified access point in the network. The five access points you need to be concerned with are:

Physical Protection

User Authentication

Access Control

Encryption

Security Management

How thoroughly you seal up any access point depends on weighing the risks, the cost of carrying out the security measure, and the value of the lost data or security intrusion. This article provides the nuts and bolts to consider for each access point.

Physical Protection
On the front line, you can begin by protecting back door access to workstation and to media as follows:

Train staff to log off the network during breaks, meal times, and at the end of the work shift.

Provide employees with access to a secure bin for depositing unused sensitive media, such as disks, and sensitive paper files, that need to be destroyed. You might want to investigate a refuse service that specializes in destroying sensitive media. Some services will destroy your documents on-site, while other will provide a sealed bin for depositing media.

Use smart cards, not disks, to store digital keys.

Don't write down passwords and then send them via e-mail, especially if the message is going to get archived onto a server.

Refrain from writing personal identification codes on identification cards. Put locking devices on portable equipment, such as laptops, external disk drives and tape backup systems.

User Authentication
Proof of who you are provides the only way to distinguish authorized users from possible intruders. To this end, an authentication system can determine what information the requester can access. For example, each sales representative can access records for his or her customers, not the entire customer database.

An authentication system usually includes what the user has or possesses, such as a smart card or certification; what the users knows, such as a password; or a physical attribute, such as a fingerprint or other biometric attribute. The most common authentication systems include a password, digital certificates, and digital digest or digital signatures.

Passwords generated by a software agent pose the most common type of security breach, especially when they aren't carefully chosen or maintained. An intrusion detection system, on the other hand, can protect against unauthorized access to sensitive information by correlating and reporting on suspect activity, and creating complete logs of all information transactions. This type of system can link audit trails from disparate systems, such as firewalls and system event logs.

Digital certificates, a technology that began as privacy enhanced mail, has become an essential part of public key infrastructure or PKI, a security system consisting of protocols, services, and standards to support public key cryptography applications. Public key cryptography validates digitally signed messages, which can be a simple e-mail message or protocol to establish a secure communications session. The sender of the authenticated message signs it with a private key. The recipient validates the message using the sender's corresponding key, contained in the sender's digital certificate. The certificate can be sent with the message or obtained form a certificate repository.

A digital digest enables you to authenticate the digital signature and to check on the message's validity. Applying a one-way hash function to a message creates a message digest, which can't be re-created from the digest. A digital signature uses the individual's private key to encrypt the message digest. Decrypting the message occurs as follows: the receiving message text recreates the digest, the public key decrypts the digest from the digital signature. If the two messages match, the messages are probably the same.

Access Control
The first step in governing an employee's access to a specific network, workstation, or application should begin with a well-defined corporate security policy. You can use various forms of access control technology to enforce the corporate security policy.

A firewall -- a system that protects an internal trusted system from an external untrusted system -- can prevent external intruders from getting to your network. The firewall determines which inside services outsiders can access, which outsiders have access to the permitted inside services, and which outside services insiders can access. A secure firewall basically does two things: Inspects all traffic that tries to pass to and from the network, and permits only authorized traffic to pass.

Encryption
Encryption -- making data unreadable to anyone who doesn't have the key to decrypt the data -- provides a way to protect data traveling over the network from the prying eyes of eavesdroppers. You can use encryption for data traveling over any type of a network - within the corporate network, between the corporate network and customers' networks, over the Internet to carry data to a virtual private network.

Keeping the network safe requires that you minimize an attacker's entry to each identified access point in the network. The five access points you need to be concerned with are:

Physical Protection

User Authentication

Access Control

Encryption

Security Management

Physical Protection
On the front line, you can begin by protecting back door access to workstation and to media as follows:

Train staff to log off the network during breaks, meal times, and at the end of the work shift.

Use smart cards, not disks, to store digital keys.

Don't write down passwords and then send them via e-mail, especially if the message is going to get archived onto a server.

Refrain from writing personal identification codes on identification cards. Put locking devices on portable equipment, such as laptops, external disk drives and tape backup systems.

Ubuntu Proxy : Error opening/creating log file. (check ownership and access rights).

2008-09-15T07:38:00.003+08:00

Ubuntu Proxy- Dansguardian + Squid : Error opening/creating log file. (check ownership and access rights).

cd /var/log/dansguardian (if it doesn't exist, then mkdir /var/log/dansguardian then cd /var/log/dansguardian.

touch access.log (this will create the file)
chown root.root access.log (this sets owner and group)
chmod 666 access.log (this sets r/w permissions)

then run command again :
service dansguardian restart
service squid restart

A simpler way to save: the 60% solution

2008-09-15T06:05:00.002+08:00

Taken from : MSN Money

A simpler way to save: the 60% solution

Twenty years of complicated budget calculations have led me to this one simple conclusion: By limiting all essential spending to 60% of total income, savings will soar.

By Richard Jenkins

The basics
How many of you have tried budgeting and think it's a waste of time? Come on, let's see those hands.

OK, that's just about everybody.

I've kept a budget of one kind or another, first on paper and then with the help of various software programs, for about 20 years -- despite a strong suspicion that I was wasting my time. The illusion of control, I argued to myself, was better than none at all.

My approach to budgeting was to carefully track my spending during the month and to adjust my budget targets up and down in each category, so that my total expenses never exceeded my income.

Laborious? You bet.

Useful? Sometimes.

Anal-compulsive? Probably.

After two decades of this, though, I started to wonder if there isn't an easier, more effective way to budget. I realized that the hardest part about keeping a budget is getting useful information from it. There's too much detail and not enough bottom line. My answer is "the 60% solution," a faster and easier way to structure your budget without having to account for every penny.

What you're trying to do with a budget is to prevent overspending, which ultimately leads to piling up debt. Contrary to the way most people budget, however, it rarely matters what you're overspending on -- dining out, entertainment, clothes. Who cares? It's still debt, right?

Looking at my own spending history, I realized that it wasn't the little luxuries here and there that got me in trouble. It was the large, irregular expenses, like vacations, major repairs and the holidays that did all the damage. To avoid overspending, I had to do a better job of planning for those.

And then there were the really big expenses: buying a car, putting a down payment on a new home or putting a new roof on an old home -- all of which can run into the tens of thousands of dollars. They also can often be postponed, sometimes for years, which theoretically should give me a chance to save for them.

Understand your committed expenses
As I looked back over the past 20 years of budgeting, I saw that there were a few years when my wife and I believed we were fairly on top of things, even with a much lower income than we have today. How did we manage?

The key was a drop in our fixed monthly expenses. It was a period when declining interest rates had lowered our adjustable-rate mortgage payment to about 15% of our household income. That left us with some extra money each month to set aside in a savings account for those irregular expenses.

We later moved to a bigger house with a much bigger mortgage payment, higher maintenance costs and utility bills, and obscene property taxes. The monthly mortgage payment was only 20% of our gross income, far lower than the 33% that most lenders will allow, but, suddenly, we were struggling again.

Even after refinancing our mortgage at a lower rate, we were still often running out of cash before the end of the month. I realized that other fixed expenses had crept upward over the years. As my children, Natalie, now 17, and Jackson, 14, have gotten older, they need things like music lessons and sports equipment that can add several hundred dollars a month to our basic expenses. They're also outgrowing clothes faster than we can buy them.

The slow but steady growth in our monthly spending commitments was putting a squeeze on our budget. I call these "committed" expenses rather than "fixed" or "non-discretionary" expenses, because things like music lessons are neither fixed in amount nor absolute necessities, but rather are commitments my wife and I have made to provide for our children.

The 60% solution emerges
After analyzing our spending patterns over the past couple of years using our Microsoft Money data file, I determined that we needed to keep our committed expenses at or below 60% of our gross income to come out ahead at the end of the month.

Committed expenses:

Basic food and clothing needs.

Essential household expenses.

Insurance premiums.

Charitable contributions.

All of our bills -- even such non-essentials as our satellite TV service.

ALL of our taxes.

I'm not saying that 60% is a magic number. It's a workable goal for my family, and it's a nice round number. But your number might well be a bit higher or lower. At any rate, it's a good place to start.

Then I divided up the remaining 40% into four chunks of 10% each, listed here in order of priority:

Retirement savings: consisting entirely of my 401(k) contribution, which is subtracted automatically from my paycheck.

Long-term savings: also automatically deducted from my pay to buy Microsoft stock at a discount as part of an unusual stock-purchase program. The relative lack of liquidity (i.e. the difficulty of turning these shares into cash) makes it harder to spend this money without some planning and a series of deliberate steps. In a real emergency, though, I could sell and have the cash wired into my bank account within three days, so this is also our emergency fund.

Short-term savings for irregular expenses: which are direct-deposited from my paycheck into a credit union savings account. Money in this account can be easily transferred into our checking account, as needed, via the Web. Over the course of a year, I expect to use all of this money to pay for vacations, repairs, new appliances, holiday gifts and other irregular but more or less predictable expenses.

Fun money: which we can spend on anything we like during the month, so long as the total doesn't exceed 10% of my income.

You may have noticed that only 70% of my paycheck is used for everyday expenses. Since we never see the other 30%, my wife and I generally don't miss it.

We don't really need to track our expenses, because our checking account balance is generally equal to the amount of money we can spend. That's the way a lot of people do it, but they don't first make provision for savings.

The key is keeping a lid on those committed expenses. You can categorize them if you want, but it isn't really necessary. In fact, you could make a budget with just three categories: committed expenses, fun money and irregular expenses, and that's just what I've done with the budget in Money 2005 (see chart below). (I can't really give up my anal-compulsive ways completely, so I've also created a set of subcategories to track the committed expenses, partly because that also allows me to export parts of my spending data to a tax program at the end of the year.)

Now, at this point you may be saying, "Well, la-dee-dah for you, but there's no way I can get my committed expenses down to 60% of my income."

How to get your spending down
For a lot of people, part of the difficulty in reducing committed expenses comes from the need to make big monthly credit card payments. If you're carrying a substantial amount of non-mortgage debt, I'd suggest using the 20% that would otherwise go to retirement and long-term saving to aggressively pay down your debt -- but only after you cut up those cards.

Every dollar in interest that you don't pay is just like getting a guaranteed, risk- and tax-free return on your money equal to the interest rate on the debt. When your debts are paid off -- and it won't take long using 20% of your gross income -- immediately redirect that money into savings.

Now, let's take the really hard case: Even excluding debt payments, reducing your committed expenses to 60% still seems like an impossible goal. If that describes your situation, the odds are good that you're facing one of the following problems:

You have a more expensive home than you can afford.

You've committed to car or boat payments that are larger than you can afford.

Your children are in a private school that you can't really afford.

There's just a big, ugly gap between your income and your lifestyle.

If it's one of the first three, you can undo the damage by slowly unwinding the commitments you've made and choosing something less appealing but ultimately more appropriate.

If the problem is having champagne tastes on a beer budget, you'll need to take a long, hard look at where the money is going and why. Consider if perhaps you're using money and things to fill a void in your life. Often, the steps needed to fill that void have little to do with money.

The real secret to building a budget that really works isn't tracking what you spend, any more than counting calories is the secret to losing weight. The key is creating a sustainable structure for your finances, one that balances spending and income and that leaves enough room to handle the unexpected.

A simpler way to save: the 60% solution

2008-09-15T06:05:00.000+08:00

Taken from : MSN Money

A simpler way to save: the 60% solution

Twenty years of complicated budget calculations have led me to this one simple conclusion: By limiting all essential spending to 60% of total income, savings will soar.

By Richard Jenkins

Basic food and clothing needs.

Essential household expenses.

Insurance premiums.

Charitable contributions.

All of our bills -- even such non-essentials as our satellite TV service.

ALL of our taxes.

You have a more expensive home than you can afford.

You've committed to car or boat payments that are larger than you can afford.

Your children are in a private school that you can't really afford.

How To Mount CD Rom Linux Shell Command

2008-09-12T14:57:00.002+08:00

Mount to the cdrom

Code
mount /dev/cdrom

Listing all mounted cdrom

Code
ls

Change to the mounted cdrom

Code
cd /media/cdrom

How to Detect & Remove Trojan Farfli

2008-08-27T15:40:00.000+08:00

Article from : http://www.411-spyware.com/remove-trojan-farfli

How to Detect & Remove Trojan Farfli

What's Trojan Farfli?

Trojan Farfli Threat Level:

Trojan Farfli is a Trojan horse that may download and install other malware and spyware onto your PC, without your knowing. Trojan Farfli may also change your Internet Explorer home page to www.baidu.com/inde_____,
www.kzdh.com, www.7255.com/?g about.blank.la?g, add web browser bookmarks, and Trojan Farfli may change your hosts file. It’s best if you remove Trojan Farfli immediately. You might have gotten infected with from: http://]install1.ring520.org/kk_____, http://]install2.ring520.org/kk_____, http://]install3.ring520.org/kk_____, or http://install4.ring520.org/kk_____.

Do I Have Trojan Farfli?

You can search your computer manually, but it might take hours to find Trojan Farfli’s hidden files. To save time, I recommend you automatically scan your PC for Trojan Farfli and other spyware. Why not? It’s free.

Free Trojan Farfli Scan, with SpyHunter

You can easily detect Trojan Farfli with SpyHunter’s FREE spyware scanner. And if you’re really infected with Trojan Farfli, you can buy the full version of SpyHunter to remove Trojan Farfli and other spyware. Or you can use my instructions below and remove Trojan Farfli for free.

I’m a big fan of SpyHunter. Here’s why: SpyHunter offers live support on the phone, and if SpyHunter doesn’t automatically remove Trojan Farfli, you can get a custom fix for your computer.

How to Remove Trojan Farfli

Your best protection against Trojan Farfli is to remove Trojan Farfli processes, registry keys, DLLs, and other files ASAP.

Get Rid of Trojan Farfli Manually

Manual removal of any spyware can be difficult. When you manually remove Trojan Farfli, you have to fiddle with your registry and risk destroying your PC. It’s highly recommended you use an automatic spyware scanner to make sure you’re infected with Trojan Farfli. Also, I recommend you backup your system any time before editing your registry.

To remove Trojan Farfli manually, you need to delete Trojan Farfli files. Not sure how to delete Trojan Farfli files? Click here, and I’ll tell you. Otherwise, go ahead and…

Stop Trojan Farfli processes:

Delete Trojan Farfli files:

%SYSDIR%\drivers\[random 1].sys
%UserProfile%\Favorites\[chinese characters].url
%SYSDIR%\drivers\[random 2].sys

Delete Trojan Farfli DLLs:

%SYSDIR%\[random].dll

Delete Trojan Farfli registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random 2]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE4\”Main”= [random]

Note: In any files I mention above, “%System%” is a variable referring to your PC’s System folder. Maybe you renamed it, but by default your System folder is “C:\Windows\System32″ on Windows XP, “C:\Winnt\System32″ on Windows NT/2000,” or “C:\Windows\System” on Windows 95/98/Me.

Relatedly, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”).

Trojan Farfli changed your homepage?

Click Windows Start menu > Control Panel > Internet Options. Next, under Home Page, select the General > Use Default. Type in the URL you want as your home page (e.g., “http://www.homepage.com”). Then select Apply > OK. You’ll want to open a fresh web page and make sure that your new default home page pops up.

Recommendation:

To save time and avoid risking destroying your computer, I highly recommend you use a spyware scanner, such as SpyHunter, to detect Trojan Farfli and other spyware, adware, trojans, viruses, keyloggers, and more that can be hidden in your PC. It’s also recommended before you manually remove Trojan Farfli you backup your system.

Free Trojan Farfli Scan, with SpyHunter

Automatically detect Trojan Farfli and other spyware on your PC with SpyHunter’s FREE spyware scan.

How Do I Remove Trojan Farfli Files?

Need help figuring out how to delete files, DLLs, and registry keys? While there’s some risk involved, and you should only manually remove Trojan Farfli files if you’re comfortable and confident editing your system, you’ll find it’s fairly easy to delete Trojan Farfli files in Windows.

How to delete Trojan Farfli files in Windows XP and Vista:

Click your Windows Start menu, and from “Search,” click “For Files and Folders…“
A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
Type any file name in the search box, and select “Local Hard Drives.”
Click “Search.” Once the file is found, delete it.

How to stop Trojan Farfli processes:

Click the Start menu, select Run.
Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys ALT + CTRL + DELETE or CTRL + Shift + ESC.
Click Processes tab, and find Trojan Farfli processes.
Once you’ve found the Trojan Farfli processes, right-click them and select “End Process” to kill Trojan Farfli.

How to remove Trojan Farfli registry keys:

Your Windows registry is the core of your Windows operating system, storing information about user settings, system preferences, and software, including which applications automatically launch at start up. Because of this, spyware, malware, and adware will often bury their own files into your Windows registry so that they automatically launch every time your start up your PC.

Because your registry is such a key piece of your Windows system, you should always backup your registry before you make any changes to it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or registry value, there’s a chance you may need to reinstall your entire Windows operating system. Make sure your backup your registry before editing it.

Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
To find a registry key, such as any Trojan Farfli registry keys, select “Edit,” then select “Find,” and in the search bar type any of Trojan Farfli’s registry keys.
As soon as Trojan Farfli registry key appears, you can delete the Trojan Farfli registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

Computer acting funny after you’ve edited your registry and deleted Trojan Farfli registry keys? Just restore your registry with your backup.

How to remove Trojan Farfli DLL files:

Like most any software, spyware, adware, and malware may also use DLL files. DLL is short for “dynamically linked library,” and Trojan Farfli DLL files, like other DLLs, carryout predetermined tasks. To manually delete Trojan Farfli DLL files, you’ll use Regsver32, a Windows tool designed to help you remove DLL and other files.

First you’ll locate Trojan Farfli DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Trojan Farfli DLL file is located. If you’re not sure if the Trojan Farfli DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
When you’ve located the Trojan Farfli DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore Trojan Farfli DLL file you removed, enter “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

How Did I Get Trojan Farfli?

You may be wondering how Trojan Farfli ended up on your PC. If you’re infected with Trojan Farfli or other spyware, your system’s and web browser’s security settings may be set too low, you may not follow safe web browsing and email habits, and you may need to regularly use a good anti-spyware application. Unsafe computer behavior that may lead to your PC having Trojan Farfli includes:

Freeware or Shareware:
Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Trojan Farfli. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly and maliciously attached to free software to harm your computer and steal your personal and financial information.

Peer-to-Peer Software:
Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Trojan Farfli.

Questionable Websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, Trojans, spyware, and adware may be automatically downloaded and installed onto your computer, sometimes including applications like Trojan Farfli.

It’s important to practice safer online habits to prevent being infected with Trojan Farfli . You may want to scan your computer for the latest version of Trojan Farfli and other security threats.

Detect Trojan Farfli & Other Malware

Is your computer infected with malware?

When you’re infected with malware, whether it’s Trojan Farfli, spyware, adware, trojans, rogue anti-spyware, keyloggers, worms, or viruses, there are a few key symptoms you may experience. If you notice one or more of the symptoms listed below, your PC may be infected with Trojan Farfli or other malware. Continue reading below, or click here for a free malware scan.

Slow computer performance: It only takes one or two spyware parasites like Trojan Farfli to cause your computer to slow dramatically. If your PC takes longer than usual to reboot or if your Internet connection is unusually slow, your computer may be infected with malware.

New desktop shortcuts or switched homepage: Malware like Trojan Farfli may change your Internet settings or redirect your default homepage to another web site. Malware may even add new desktop shortcuts on your PC.

Annoying popups on your PC: Malware may bombard your computer with popup ads, even when you’re not online. Malware may stop your regular Internet activity and track your surfing habits and gather personal information about you, putting your financial and personal information at risk.

Understanding Trojan Farfli & Spyware

If you’re infected with Trojan Farfli and spyware, you should know what you’re fighting. I’ll explain some spyware definitions related to Trojan Farfli.

Trojan Farfli May Be a Trojan

What Are Trojans?

Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often .avi, .pif, .exe, and even .jpg files.) Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.

Some Trojans may also fall under the category of spyware. Spyware is any software or malware (”malicious software”) used to spy or track your computer activity. While some spyware is legitimately and intentionally installed by parents or employers to monitor Internet activity on a computer, spyware may be installed maliciously. Often spyware may come bundled with downloads of free software or come in the form of a cookie via a website, and this spyware may track your Internet activity or may steal secret account usernames and passwords, credit card numbers, and other personal and financial information.

Methods of Trojan Farfli and Other Trojans Infection

Most trojans infect your computer by tricking you into running an infected application. This infected application could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.

» Email: Your PC may be infected with a trojan when you download infected email attachments, or sometimes even when you simply open an email. Many trojans exploit security holes in Microsoft Outlook. You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software.

» Websites: Your PC may be infected with a trojan when you visit a rogue site. Many trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.

» Open ports: If your computer runs programs that provide file-sharing functions - such as AOL Instant Messenger (AIM), MSN Messenger, and more - you may open your computer up to vulnerabilities. Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.

Trojan Farfli may have infected your PC by through one of those methods. Trojans are some of the most sophisticated and dangerous type of malware, capable of controlling your system. Because of this, it may be best if Trojan Farfli and Trojans are removed from your computer immediately.

ShareThis

Trojan Farfli-Related Posts

» No related posts

Trojan Farfli's Threat Level Explained

Trojan Farfli Is a Minor Pest

The parasite isn't a real threat, but Trojan Farfli may track your Internet activities. Trojan Farfli may be easily removed with your Windows system "Add/Remove" function.

Trojan Farfli Is a Pest

The parasite might profile you web activities and may have installed itself onto your PC via a drive-by download. You can probably manually remove Trojan Farfli yourself.

Trojan Farfli Is a Minor Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server.

Trojan Farfli Is a Medium Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server. Trojan Farfli may be impossible to manually remove.

Trojan Farfli Is a Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server. Trojan Farfli may download and install more malware onto your PC, and Trojan Farfli may be impossible to manually remove.

Trojan Farfli Is a Minor Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Trojan Farfli may also be difficult to manually remove.

Trojan Farfli Is a Medium Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Trojan Farfli may download more malware and also be very difficult to manually remove.

Trojan Farfli Is a Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. These logs may be sent to anonymous attacker, and Trojan Farfli may download more malware. Trojan Farfli may be very difficult to manually remove.

Trojan Farfli Is a Major Danger

The parasite may track all of your computer activity, and Trojan Farfli may allow a hacker to access your PC. Trojan Farfli may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software. Trojan Farfli may be very difficult to manually remove.

Trojan Farfli Is an Extreme Danger

The parasite may track all of your computer activity, and Trojan Farfli may allow a hacker to control your computer. Trojan Farfli may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software and firewall, and block your access to anti-spyware sites. Trojan Farfli may be very difficult to manually remove.

IT Notes

2008-08-20T06:41:00.004+08:00

Grey Box Testing

In recent years the term grey box testing has come into common usage. This involves having access to internal data structures and algorithms for purposes of designing the test cases, but testing at the user, or black-box level.

Manipulating input data and formatting output do not qualify as grey-box because the input and output are clearly outside of the black-box we are calling the software under test. This is particularly important when conducting integration testing between two modules of code written by two different developers, where only the interfaces are exposed for test. Grey box testing may also include reverse engineering to determine, for instance, boundary values or error messages.

Black box testing

Black box testing treats the software as a black-box without any knowledge of internal implementation. Black box testing methods include: equivalence partitioning, boundary value analysis, all-pairs testing, fuzz testing, model-based testing, traceability matrix, exploratory testing, specification based testing, etc.

White box testing

White box testing, however, is when the tester has access to the internal data structures and algorithms. (and the code that implement these)

Types of white box testing

The following types of white box testing exist:

code coverage - creating tests to satisfy some criteria of code coverage. For example, the test designer can create tests to cause all statements in the program to be executed at least once.
mutation testing methods.
fault injection methods.
static testing - White box testing includes all static testing.

source - http://en.wikipedia.org/wiki/Software_testing#Black_box_testing

TCP Wrapper is a public domain computer program that provides firewall services for Unix servers. The program was developed by Wietse Venema.

When an unprotected UNIX computer is connected to a network, the computer's system is exposed to other computer users connected to the network. For example, by using the finger utility, a hacker may be able to determine which users are logged on to a given server. It is also possible to find out the identities of individual computers, and various details about their users' recent Internet behavior. A hacker can determine when a workstation is likely to be idle, and then access and use that workstation when it is unattended. TCP Wrapper can act as a firewall to prevent this.

TCP Wrapper monitors incoming packets. If an external computer or host attempts to connect, TCP Wrapper checks to see if that external entity is authorized to connect. If it is authorized, then access is permitted; if not, access is denied. The program can be tailored to suit individual user or network needs.

source - http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci751000,00.html

firewalking

(fīr´wâk-ing) (n.) Developed by Mike Schiffman and David Goldsmith, a technique for testing the vulnerability of a firewall and mapping the routers of a network that sits behind a firewall. Firewalking is a method of disguising port scans. In practical applications, firewalking is similar to tracerouting and works by sending into the firewall TCP or UDP packets that have a TTL set at one hop greater than the targeted firewall. If the packet makes it through the gateway, it is forwarded to the next hop where the TTL equals zero and elicits a TTL "exceeded in transit" message, at which point the packet is discarded. Using this method, access information on the firewall can be determined if successive probe packets are sent.

source :-http://www.webopedia.com/TERM/F/firewalking.html

There are 65535 distinct and usable port numbers

Port 135-139 = SMB

SMB ?

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

Error Message: Procedure Entry Point Not Found in Msvcrt.dll File

2008-08-13T19:24:00.001+08:00

SYMPTOMS

When you start Windows XP, you may receive an error message that is similar to one of the following:

Lsass.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.

-or-

Services.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.

After you press OK, a blank desktop appears on the computer screen. The pointer may be present and working. However, there is nothing to click, and the keyboard does not work.

CAUSE

This issue may occur if you replaced the Msvcrt.dll file with a third-party version that does not contain the _resetstkoflw (recovery from stack overflow) function.

RESOLUTION

To resolve this issue, use the Windows XP Recovery Console to replace the Msvcrt.dll file with the original version. To do this, follow these steps:

Insert your Windows XP CD-ROM into the computer's CD-ROM drive or DVD-ROM drive, and then restart your computer from the CD-ROM.

NOTE: Some computers may require that you modify the basic input/output system (BIOS) settings before you can start the computer from a CD-ROM. For information about how to modify BIOS, see your computer documentation.

At the Welcome to Setup screen, press R to start the Recovery Console.

Press the number key that corresponds to the installation that you want to repair, and then press ENTER.

Type the Administrator password, and then press ENTER.

With the Windows XP CD-ROM still in the CD-ROM drive or DVD-ROM drive, type the following commands, pressing ENTER after each command:

•	cd system32
•	ren msvcrt.dll msvcrt.old
•	`CD-ROM_or_DVD-ROM_Drive_Letter`:
•	cd \i386
•	expand msvcrt.dl_ `BootDriveLetter`:\windows\system32
•	exit

NOTE: BootDriveLetter refers to the drive letter of the boot drive. In other words, it refers to the drive where the Windows folder is located, which is probably drive C. CD-ROM_or_DVD-ROM_Drive_Letter refers to the drive letter of the CD-ROM or the drive letter of the DVD-ROM drive. The CD-ROM drive or the DVD-ROM drive are frequently located in drive D.

NOTE: The retail version of the Msvcrt.dll file is dated 23-Aug-2001. It was included with Windows XP and has the following properties:

Modified 8.23.01
Size - 315 KB (322,560 bytes)
Version - 7.0.2600.0

MORE INFORMATION

This version contains the _resetstkoflw function.

To view the functions in a .dll file, use the Dependency Walker utility (Depends.exe), which is available with Windows XP Support Tools. To install Windows XP Support Tools, insert your Windows XP CD-ROM in the CD-ROM or DVD-ROM drive, click Start, click Run, type CD-ROM_or_DVD-ROM_Drive_Letter:\Support\Tools\Setup.exe in the Open box, and then press ENTER.

OCS Inventory ERROR: can't write in directory (on dbconfig.inc.php)

2008-08-13T08:08:00.000+08:00

1. Find the correct path for the dbconfig.inc.php - use this command

cd
cd ..
find / -name dbconfig.inc.php

Ok for me,it will return the path here :-

/usr/share/ocsinventory-server/ocsreports/dbconfig.inc.php

After that u just use this command to change it right

cd /usr/share/ocsinventory-server/ocsreports/
chmod 666 dbconfig.inc.php

Ok .. Please try and give the feedback here :

Thank You

Setup LAMP + OCS Inventory

2008-08-12T11:38:00.002+08:00

Apache

Install Apache

sudo apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

Testing HTTP Server by open a web browser and enter http://localhost

PHP

Install PHP5

sudo apt-get install libapache2-mod-php5 libapache2-mod-ruby php5
php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick
php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming
php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy

php5-xmlrpc php5-xsl

Stop/Restart Apache

sudo /etc/init.d/apache2 restart

Test the installation

sudo gedit /var/www/testphp.php

Insert this following line into testphp.php file.

Save this new file.
Open a web browser and enter http://localhost/testphp.php
Be sure to remove the file afterwards, as it may pose a security risk.

sudo rm /var/www/testphp.php

MySQL

Install MySQL Server

sudo apt-get install mysql-server mysql-client libmysqlclient15-dev

MySQL initially only allows connections from the localhost (127.0.0.1). We’ll need to remove that restriction if you wish to make it accessible to everyone on the internet. Open the file /etc/mysql/my.cnf

sudo vi /etc/mysql/my.cnf

Find the line bind-address = 127.0.0.1 and comment it out then save the file.
MySQL comes with no root password as default. This is a huge security risk. You’ll need to set one. So that the local computer gets root access as well, you’ll need to set a password for that too. The local-machine-name is the name of the computer you’re working on.

mysqladmin -u root password newpassword
mysqladmin -h root@local-machine-name -u root -p password newpassword
sudo /etc/init.d/mysql restart

MySQL for Apache HTTP Server

sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin

To get PHP to work with MySQL, open the php.ini file

sudo vi /etc/php5/apache2/php.ini

You’ll need to uncomment the “;extension=mysql.so” line so that it looks like this

extension=mysql.so

Restart Apache

sudo /etc/init.d/apache2 restart

Get Ride Patches XP

2008-08-08T09:20:00.000+08:00

There is a lot of cracks or patches or fixes that aims to bypass or skip Windows Genuine Advantage (WGA) validation process, or trick the WGA validation results to be always genuine. However, these workarounds do not address the fundamental issue of the problem - that’s the product CD key or volume license key (VLK) registered in your copy of Windows XP, Windows XP Media Center Edition (MCE) and Windows Server 2003 is invalid or has been blocked or banned by Microsoft. The following ultimate WGA Patcher Permanent Kit with cracks and procedures all-in-one package will convert and transform the pirated Windows operating system into genuine and legitimate OS when validate by Microsoft’s WGA, by changing the serial number, product key or VLK of the Windows with a valid CD key, and when necessary, apply patch.

Download ~~WGA Patcher Permanent Kit (WPatcherP5575987.zip)~~ (link removed due to complaint from Microsoft) or ~~GenuineWindowsPatcher.zip~~ (download removed due to complaint from Microsoft) which contains Magical Jelly Bean Keyfinder v1.51 (keyfinder.exe), Microsoft Genuine Advantage Diagnostics Tool 1.5.0717.0 (MGADiag.exe), wga-hosts-fix 0.1 (wga-fix.exe), and Windows XP, Windows Server 2003 VLK key generator (MSKey.exe or Windows XP Keygen.exe).
Extract the zip file.
Run the Windows XP/2003 key generator (MSKey.exe or Windows XP Keygen.exe).
In the key generator, under the Product Family, select “Windows XP Pro. VLK”, and click the “Generate” button to generate a valid and genuine serial key for Windows XP (choose Windows Server 2003 VLK for Windows 2003). If key generator doesn’t work, try to find a product key on web.
Note down the product key or serial that is generated (can leave the program opens). The idea is to get VLK key that yet to be blocked or unknown to Microsoft.
Execute Magical Jelly Bean Keyfinder (keyfinder.exe). If you having problem with Keyfinder, you can use any other Windows key changer listed here, such as RockXP and KeyFinder Thing.
Once launched, Magical Jelly Bean Keyfinder will display the existing Windows and Office product key in the system. Select “Microsoft Windows” tab (open by default), and click on Options menu, and then select “Change Windows Key”.
In the Change Microsoft Windows XP Key window, key in the product key or serial number generated from the keygen program in the boxes.
Click on Change button when done.
Magical Jelly Bean Keyfinder will use Microsoft’s WMI script to change the product key of Windows XP. Follow on screen instruction to continue.
Run wga-fix.exe program. Click on Yes button on the ‘wga-host-fix 0.1 window’ to redirect WGA authorization and validation request to loopback address (127.0.0.1). Alternatively, open Command Prompt, and navigate to \Windows\System32\drivers\etc\ directory, edit the Hosts file, and add in the following entry to the end of the file:127.0.0.1 mpa.one.microsoft.com
Uninstall or delete any cracked or patched LegitControlCheck.dll, WgaTray.exe and WgaLogon.dll located in \Windows\System32 folder. You may also need to delete “Windows Genuine Advantage Validation Tool” located in C:\Windows\Downloaded Program Files\ folder.
Go to Windows (Microsoft) Updates or Microsoft Download Center to download updates or applications in which require validation. Install WGA Validation Tool ActiveX when prompted. (Note: If you’re having problem to validate Windows with MGADiag.exe in later process, you still skip previous and this step first or apply the patched LegitCheckControl.dll again, which means leave the patch and crack intact, and only come back to delete any crack or patch, and install original WGA validation tool later. This especially true if you have LegitCheckControl.dll 1.5.723.1 with MGDIAG.exe 1.5.0717.0)
Run the Microsoft Microsoft Genuine Validation Diagnostic Tool (MGADiag.exe), and click on Continue button to proceed.
Click on OK when MGADiag finishes processing and displays your genuine status. The status should show GENUINE, and not NOT ACTIVATED.

Step 6 - 10 can also be done without using any hacker tool, by using Activation Wizard following official tutorial from Microsoft on how to change the Volume Licensing product key on a computer that is running Windows XP SP1 and later versions of Windows XP detailed as below.

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
In the left pane, locate and then click the following registry key:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Current Version\WPAEvents
In the right pane, right-click OOBETimer, and then click Modify.
Change at least one digit of this value to deactivate Windows.
Click Start, and then click Run.
In the Open box, type the following command, and then click OK.%systemroot%\system32\oobe\msoobe.exe /a
Click Yes, I want to telephone a customer service representative to activate Windows, and then click Next.
Click Change Product key.
Type the new product key in the New key boxes, and then click Update. If you are returned to the previous window, click Remind me later, and then restart the computer.
Repeat steps 6 to verify that Windows is activated. You receive the following message:Windows is already activated. Click OK to exit.

Shortcut to Genuine Windows without Any Crack

Unable to download the crack? Or afraid that the cracks of keygen and key changer contains virus or trojan? You can simply add in the entry in step 11 (i.e. 127.0.0.1 mpa.one.microsoft.com) into your Hosts file if VLK key of your Windows installation has PID within the range of -640 to -641 or any other volume license product key that is not blocked. You can try it anyway no matter what product key you used to see if it working with existing CD key without changing the key.

Note: This shortcut by using wga-fix.exe or manually editing the Hosts file should works out of the box immediately on Windows XP Media Center Edition (MCE) 2005 and Windows XP Tablet PC Edition, and by luck on Windows XP Home, XP Professional and Windows 2003.

Simply remove and delete the crack or patch that has been applied in \Windows\System32 (LegitCheckControl.dll, WgaLogon.dll, WgaTray.exe) or \Documents and Settings\All users\Application Data (sub-folders “Windows Genuine Advantage” and “Office Genuine Advantage”)
Go to Windows (Microsoft) Updates or Microsoft Download Center to access Windows updates or download applications that require validation. Install WGA Validation Tool ActiveX when prompted.
Add in the “127.0.0.1 mpa.one.microsoft.com” to the Hosts file located in \Windows\System32\drivers\etc\ folder. Or alternatively, just execute ~~wga-fix.exe~~ (download link removed due to complaint from Microsoft) contained in the WGA crack archive package.
Run MGADiag.exe to validate the Windows is genuine.

After applying this trick or hack, Microsoft WGA Validation Tool will treat the Windows as genuine, as in you legally purchase and buy the Windows OS. Users can access to Windows Updates or Microsoft Updates, download WGA validation required software products from Microsoft Download Center such as as Windows Defender, WMP11, IE7, DirectX and etc, and also to install these programs with proper validation without any cracks. This hack or trick should works on Windows XP, Windows XP Media Center Edition (MCE), and even Windows Server 2003, and users can pick any browsers they like, including IE6, IE7, Firefox, Netscape or web browser powerd by IE such as MSN Explorer or AOL Explorer.

If you still having problem with this method, try out other WGA bypass methods.

Disclaimer: This article is for educational and informational purpose only. If you’re having problem with your Windows validation, contact Microsoft.

Share and contribute or get technical support and help at My Digital Life Forums.

Install dansguardian, tinyproxy, and firehol

2008-07-31T11:20:00.000+08:00

Original post from http://ubuntuforums.org/showpost.php?p=1222237&postcount=21

Install dansguardian, tinyproxy, and firehol

Code:

sudo apt-get install dansguardian tinyproxy firehol

Edit /etc/dansguardian/dansguardian.conf...

Code:

sudo nano -w /etc/dansguardian/dansguardian.conf

and leave everything at default. You will just need to comment out the UNCONFIGURED line

Code:

# Comment this line out once you have modified this file to suit your needs
#UNCONFIGURED

Next, you will need to edit the tinyproxy.conf

Code:

sudo nano -w /etc/tinyproxy/tinyproxy.conf

and make the following changes

Code:

##
## tinyproxy.conf -- tinyproxy daemon configuration file
##

#
# Name of the user the tinyproxy daemon should switch to after the port
# has been bound.
#
User nobody
Group nogroup

#
# Port to listen on.
#
#Port 8888
Port 3128

Now the last file to be edited is /etc/firehol/firehol.conf

Code:

sudo nano -w /etc/firehol/firehol.conf

and here is my entire firehol.conf file

Code:

#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "nobody root"

# Accept all client traffic on any interface
interface any world
 policy drop
 protection strong
 client all accept

Then restart the services

Code:

sudo /etc/init.d/dansguardian restart
sudo /etc/init.d/tinyproxy restart
sudo /etc/init.d/firehol restart

You should now have a working internet filter without any changes being made to the proxy settings.

How to uninstall and remove webmin

2008-07-31T11:17:00.001+08:00

How to uninstall and remove webmin after you have installed it with rmp, you can do this:
How can I uninstall Webmin?

Just run the command

COMMAND:

/etc/webmin/uninstall.sh

If you have installed the RPM version of Webmin like i have, you can use

rpm -e webmin

Dansguardian Can't locate Compress/Zlib.pm from Webmin

2008-07-31T11:12:00.002+08:00

If you get this error try to do this

Install this package

libdate-manip-perl,
libhtml-parser-perl,
libcompress-zlib-perl

Centos or Debian

sudo apt-get install libdate-manip-perl libhtml-parser-perl libcompress-zlib-perl

How to: Install Network Monitoring Tool (Nagios+Nagmin+Webmin+Mysql+Apache2+RRDTool+NMAP) on OpenSUSE 10.2

2008-07-21T11:22:00.001+08:00

Originally Taken From

http://opensource-2u.blogspot.com/2007/08/how-to-install-network-monitoring-tool.html

Tuesday, August 28, 2007

How to: Install Network Monitoring Tool (Nagios+Nagmin+Webmin+Mysql+Apache2+RRDTool+NMAP) on OpenSUSE 10.2

These are step by step how to setup network monitoring tool on OpenSUSE 10.2:

Install MySql, RRDTool, NMAP and Apache2:
1. Open the YaST software management. Select package mysql, mysql-client, mysql-shared, rrdtool, nmap and apache2. (*Accept all dependencies)
2. After install all package run this command mysqladmin -u root password "yourpassword"
3. Start mysql by run this command rcmysql start
4. Make this service automatically start after reboot by type chkconfig mysql on
5. Start apache2 by typing rcapache2 start
6. Make apache2 auto start after reboot by typing chkconfig apache2 on

Install Webmin:
1. Download webmin from webmin.com. I recommend you to download the noarch package for support all machine architecture. Save it, such as at your desktop.
2. Go to your desktop and type rpm -Uvh webmin_name
3. Start webmin by typing /etc/init.d/webmin start
4. Log in to webmin interface by opening your browser and type https://localhost:10000

Install Nagios:
1. Open YaST and select libcrypt, perl-Net-SNMP, fping, postgresql-libs, radiusclient, apache2, gd, and perl-URI.
2. Download nagios package (nagios-2.5-24.i586.rpm, nagios-nrpe-2.5.2-28.i586.rpm , nagios-nsca-2.5-39.i586.rpm , nagios-plugins-1.4.5-5.i586.rpm , nagios-plugins-extras-1.4.5-5.i586.rpm , nagios-plugins-sap-ccms-0.7.3-38.i586.rpm and nagios-www-2.5-24.i586.rpm )
at http://download.opensuse.org/distribution/10.2/repo/oss/suse/i586/.
I recommend use nagios version 2.5 because most stable and many package are supported.
3. Install all these packages by typing rpm -Uvh nagios*.rpm
4. Start nagios by typing rcnagios start
5. Make nagios autostart after reboot by type chkconfig nagios on
6. Check your nagios by typing http://localhost/nagios/ on your browser (firefox etc)

Install Nagmin:
Nagmin is a webmin module. To install:
1. Download nagmin from http://sourceforge.net/project/showfiles.php?group_id=77010
I recommend you to download nagmin-2.1.0.tar.gz . It is because easy to install by a setup script. Other nagmin doesn't have a setup script.
2. Extract the nagmin by typing tar xvzf yournagminname .
3. Go to the nagmin folder and type ./setup to intall. Follow this guide

Database name to use or create : [Enter]
Nagios Root directory : /etc/nagios [Enter]
Nagios ETC directory : /etc/nagios [Enter]
Nagmin root directory : [Enter]
Nagios Configuration File: : [Enter]
CGI Configuration File: : [Enter]
Entries will be displayed for accuracy, select Y to continue.
Script will continue with its process.
Select N to question for viewing the SQL file
Select Y to other question

4. Now acces webmin and install the Nagmin plugin

Configure Nagmin setting:
Configure Nagmin Nagios by clicking Module Config in webmin. Change the configuration to the following value:
Nagios BIN directory /usr/bin
Nagios ETC directory /etc/nagios
Nagios LIBEXEC directory /usr/lib/nagios/plugins

5. Open your terminal and type vi /etc/nagios/cgi.cfg
find use_authentication=1; chage 1 to 0
find default_user_name = user, chage the user by deamon

6. Save and quit.

7. Now install NagMin module for webmin. To install go to Webmin --> Webmin Configuration --> Webmin Modules. Install the nagmin module from the nagmin folder that you extract before. The file name is look like nagmin-2.x.x.wbm

The Error
1. (Error: version issue):
Some error found when your login webmin --> Server --> nagMIN Network Monitoring.

Error message:
The MySQL client program /usr/bin/mysql does not appear to be the correct version. Webmin only supports MySQL versions 3 and above.

The command /usr/bin/mysql -V returned :

/usr/bin/mysql  Ver 14.12 Distrib 5.0.22, for redhat-linux-gnu (i686) using readline 5.0

Suggested fix:
open terminal and type vi /usr/libexec/webmin/nagmin/index.cgi
find "distrib" and add "| 5" after 4 at same line
save and quit the vi.

2. error found when your login webmin --> Server --> nagMIN Network Monitoring --> in column System Databases --> nagios

error message:

"Error - Perl execution failed
Can't use an undefined value as a HASH reference at /path/to/mysql.pm line 113"

Suggested fix:

Location mysql.pm on Suse /usr/lib/perl5/vendor_perl/5.8.8/i586-linux-thread-multi/DBD/mysql.pm

At around line 109 of mysql.pm:

------------------------------------
 # Avoid warnings for undefined values
 $username ||= '';
 $password ||= '';

 # create a 'blank' dbh
 my($this, $privateAttrHash) = (undef, $attrhash);
 $privateAttrHash = { %$privateAttrHash,
'Name' => $dsn,
'user' => $username,
'password' => $password
 };
-------------------------------------

Needs to be changed to

-------------------------------------
# Avoid warnings for undefined values
 $username ||= '';
 $password ||= '';
 $attrhash ||= {};

 # create a 'blank' dbh
 my($this, $privateAttrHash) = (undef, $attrhash);
 $privateAttrHash = { %$privateAttrHash,
'Name' => $dsn,
'user' => $username,
'password' => $password
 };

Finish.

The Art and Science of Web Server Management

2008-05-16T22:45:00.001+08:00

The Art and Science of Web Server Management

Roy Tennant
Project Manager, Digital Library Research & Development
University of California, Berkeley

Original From http://www.library.ucsb.edu/untangle/tennant.html

Abstract

Creating and maintaining a web server, particularly for a large organization, is both an art and a science. The science of link management, statistical analysis, and error redirection is but a part of what is required of Web Managers. Additional responsibilities include defining server standards, monitoring users, training others in web document design and markup, policy formation and enforcement, and data owner support services. No Web Manager is perfect, but those that approach perfection will bring a mix of skills and talents appropriate to the needs of the organization in building effective web systems.

Introduction

The following pages describe the best advice I have for managers of world wide web servers, based upon my experience with two large web servers at an academic research library. These servers encompass thousands of files and hundreds of individual "data owners" -- those with the information being provided.

Implied by my advice is a vision of the perfect Web Manager. Since this is the case I feel I must be clear that this person does not exist. I certainly do not do everything that I advocate -- rather I strive every day to attain it. I must also admit that there is as much blind luck and witchcraft involved as there is "art and science". Most web managers learn on the job and make it up as they go along.

Much of what follows is general in nature; that which is not refers to NCSA httpd running under Unix, which is probably the most widely implemented web server at colleges and universities in the United States.

Know Your Clientele

The first precept of building any information system is to know your clientele and their information needs. This is complicated by the fact that you often have at least two clienteles -- your local users (which have your primary allegiance) and the entire Internet (which comes along "for free"). So how do you serve both?

Often you can do both quite well at the same time. After all, your "local" users are in many cases "remote", in that they may never come into the library and yet have need of your services. Sometimes it is as easy as realizing you should include your area code with any phone numbers you provide. Other times it may be complicated by requirements to limit access to local users for certains kinds of information.

Knowing what information your clientele needs is but one part of the equation -- you also need to know how they will wish to use it. Structuring information for good usability on-screen is very different than doing so for printing out on paper. Occasionally you may even find it necessary to provide a second version of your information optimized for printing. Providing versions of your documents in "rich" formats such as Adobe Acrobat may also be required.

Your users will be accessing your information from a variety of hardware and software platforms. Luckily most web servers keep track of exactly what client software is being used to access your server. NCSA httpd keeps track of this information by inserting one line in a log file called "agent_log" for each client access of your server. For example:

Mozilla/2.0 (Win16; I)

This line tells you that someone accessed your server using the MS Windows 16-bit version of Netscape Navigator 2.0. The location of this file is often /var/log/httpd/agent_log.

Foster Your Data Owners

Those who have responsibility for the content being served on your web server are the "owners" of the information and therefore should be involved in how it is presented. This involvement could be as trivial as advising the person who marks it up in HTML or as substantive as doing it themselves. Those falling into the latter category should be supported in several ways:

Training
No one is born knowing HTML, so markup training is certainly a beginning requirement. But beyond that your data owners may require training in FTP, format conversion (e.g., Adobe Acrobat files, word processing to HTML conversion utilities), image acquisition hardware (e.g., scanners, digital cameras) and software (e.g., Adobe Photoshop), Internet searching techniques, and effective browser use.

Templates
Providing basic HTML templates for different types of common file structures is a very helpful way to save time creating new files. The simplest way to do this is to write an HTML file "shell" that data owners can then fill in with their own information (e.g., {http://www.lib.berkeley.edu/Web/Templates/}). For some types of files that do not require sophisticated markup you may want to program a script that will create a web document with the appropriate basic markup for your server simply by filling in a few blanks on a form (e.g., {http://www.lib.berkeley.edu/Web/Forms/minimal.html}). This technique can be particularly important to allow those who do not have the time or inclination to learn HTML to contribute information to your web server.

Advice
Chances are you do more HTML as a web manager than anyone else in your organization. Therefore you have likely learned a few things along the way. Share those tips and tricks with your data owners. Create a mailing list of your data owners so that sharing information with them as a group is easy.

Assistance
Although you may not have the time to hold everyone's hand, sometimes there is simply no substitute for sitting down with someone and showing them how to do something or even doing it for them while they are there to tell you how they want it.

Current Awareness
You are busy, but so are your data owners. If you see a new web resource that you think would be of interest to someone, forward the information on it to them. The majority of your data owners are unlikely to be monitoring any of the general-purpose current awareness resources such as NET-HAPPENINGS ({ http://listserv.classroom.com/archives/net-happenings.html})

Formulate Policies

Sooner or later you will need to write policies that govern appropriate uses of your web server. With a written policy that has been reviewed by appropriate groups within your organization you will have the organizational authority and support to refuse requests that fall outside of the policy. It can also be cited when necessary to stop inappropriate uses that you may discover. For examples of web policies, see Susan Brown's collection at {http://www.cc.colorado.edu/Library/InfoSource/Current/wwwpol.html} and Stacey Kimmel's at {http://www.lib.ncsu.edu/~Stacey/wwwpols.html}.

Enforce Your Standards

A server without standards is likely to be a disaster. If you have not set up standards regarding "look and feel", for example, how will your users know when they are at your site and when they have left? If you allow your data owners to do anything they like they often will. Determine the essential limits on creativity to protect usability and user friendliness and stick to them. But also be careful not to set limits when none need exist. Reassess your standards periodically. If they are too strict, loosen up. If you are encountering problems where no standards exist or where they are too lax, then tighten your grip.

Encourage Creativity

The flip-side to dictating a common look and feel is encouraging creativity. The trick is to strike a reasonable balance. One way in which this can be done is to specify the presence of some simple graphic element or text that will place the page in context (such as a button bar that identifies the institution) and leave the rest to the data owner.

The {Web Development Team} at the UC Berkeley Library had originally tried to specify a particular structure for each page that described a Library branch. There are good reasons for doing that, but as the Web Manager I soon retreated from such a repressive position to encourage creativity. I was soon glad that I did, as data owners become much more engaged in the process of creating their own distinctive presence within the framework that we had provided. The end result has been an overall enrichment of the server, albeit at the cost of having a different structure for most branch pages.

Another result of encouraging creativity is that those who are the most creative set examples that inspire and challenge others. This kind of contagion can be a much more effective motivator than dictating participation.

Monitor Your Users

Most web servers keep exhaustive statistics on client requests. Logs include one that simply specifies the type of client software used (agent_log in NCSA httpd, see above), the kinds of errors they are experiencing (error_log), and what they are looking at (access_log). All of these logs are typically available in your /var/log/httpd directory.

A number of programs are available to report your access statistics in various ways. One of the best overviews of your options is "WWW Usage Statistics" at {http://www.uiowa.edu/~libsci/studentalumni/asis/d-lib.htm}.

Study Your Competition

A Web Manager should be on the web as much as possible every day. See what others are doing and how they are doing it. Copy their markup. Get graphic design ideas. Decide what you don't like by seeing the mistakes of others.
Figure 1. Opening screen of the UC Berkeley Library Web

An excellent resource for seeing what other libraries are doing on the web is Libweb, a directory of library-based web servers available at http://sunsite.berkeley.edu/Libweb/.

Check Your Links

As all web managers know, a constant problem is keeping the links on your server up-to-date. Documents are moved every day, thereby making links go dead, and it is your responsibility as a Web Manager to identify help your data owners identify these dead links so they can be fixed. Luckily there is software available that automates this task, such as MOMspider ({http://ftp.ics.uci.edu/pub/websoft/MOMspider/}).

You also need to make sure that people are successfully linking to information on your server, and this can be monitored by periodically reviewing the error log. The error log will tell you when someone tried to access something unsuccessfully. You can often spot problems this way that can be easily corrected once you become aware of them.

Strive to Do Better

No matter how good you are doing as a web manager, there is probably always room for improvement. Here are some ways that you can make sure you are doing as well as you could be, since they tend to be things that are overlooked by many web managers.

Error Message Replacement
Most web server error messages are cryptic at best and user hostile at worst. The default "file not found" error message for the NCSA web server is a prime example:

Figure 2. Default screen for a "404 Not Found" error.

This error message tells the user nothing about what they might try to do to find what they need. Use the built-in ability of most web servers to replace the standard error messages with something more useful:

Figure 3. Screen of a replacement error message for a "404 Not Found" error.

It is relatively simple to implement this. For NCSA httpd servers there is a file called "srm.conf", in the "conf" subdirectory wherever your httpd directory is located on your server. In this configuration file (plain text), you will find:

# If you want to have files/scripts sent instead of the built-in version # in case of errors, uncomment the following lines and set them as you # will. Note: scripts must be able to be run as if the were called # directly (in ScriptAlias directory, for instance)

# 302 - REDIRECT # 400 - BAD_REQUEST # 401 - AUTH_REQUIRED # 403 - FORBIDDEN # 404 - NOT_FOUND # 500 - SERVER_ERROR # 501 - NOT_IMPLEMENTED

ErrorDocument 404 /errors/notfound.html

#ErrorDocument 302 /cgi-bin/redirect.cgi #ErrorDocument 500 /errors/server.html #ErrorDocument 403 /errors/forbidden.html

Every line with a pound symbol (#) in front of it is a comment and is thus ignored by httpd. Therefore, to set up an HTML file to be used instead of the default error message all that must be done is to remove the pound symbol in front of the line referring to the error type and specify the address (URL) of the file to be substituted (e.g., the line above for ErrorDocument 404).

Once you have created your replacement error message file (probably placed in an "errors" subdirectory of your web server root) you will need to have your system administrator edit the "srm.conf" file for you and restart the server. After that your users are likely to be much happier.

Referrals
One of the most direct ways to prevent users from losing your information when you move it is to create a page that points to the new location. On such a page you will typically request that the user update any bookmarks or links that they have to the old location. For example:

Figure 4. Screen of a referral to the new address of a web page.

Redirects
Redirection is the procedure whereby you can specify the new location of a document behind the scenes. Then, when a user requests the document at the old location they are automatically redirected to the new location. This prevents the "404 File Not Found" error message as well as the need to put up an explicit referral as discussed above. Also, you can combine redirection with error message replacement so when a file is not found it is first checked against a list of moved files. If a new location is not found for the requested file then the user is presented with a helpful error message file. An example of a script that can handle this operation is "RedMan: WebPage Redirection Manager" available at {http://sw.cse.bris.ac.uk/WebTools/redman.html}.

Question Everything

It is all too easy to assume that your first decisions on the design of your server are the best. Struggle against the law of inertia (objects at rest tend to stay at rest) and periodically question all of your decisions. Ask yourself if there is a better way to organize your information or design a particular page. Ask for critical evaluations from your users and other staff in your organization.

Look critically at each web page for accuracy, usability, "scannability" (the ability to scan page and quickly discover your options), good visual design (is it engaging but not cluttered or distracting?), and good markup (does it display well in different browsers?)

The Perfect Web Manager

The perfect web manager will be part publicist, part politician, and part programmer. She will learn constantly, read voraciously, and advocate tirelessly. He will thrive in uncertainty and relish change. She will be a scientist, an artist, and a witch with a good luck streak.

Questions or comments on this piece may be sent to the author at rtennant@library.berkeley.edu. Prepared for the Untangling the Web Conference at the University of California, Santa Barbara, April 26, 1996.

How to Remove Hacked By Godzilla

2008-04-24T08:52:00.001+08:00

Kaedah Membuang Menggunakan Registry.

1. Klik pada butang start dan tekan run . dalam kotak run taip regedit.

2. Satu Kotak editor akan muncul klik pada HKEY_LOCAL_MACHINE\SOFTWARE .klik dua kali

3. Kemudian car i software dan klik 2 kali HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

4. Kemudian pilih interner explorer dan klik dua kali HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

5. Dan cari perkataan main , kemudian klik perkataan tersebut dan lihat pada sebelah kanan dan cari perkataan window title , right klik dan pilih modify kemudian delete perkataan yang ada pada string tersebut.

Selepas buang perkataan tersebut dan restart pc.

Untuk maklumat yang lain boleh cari di sini http ://www.technixupdate.com/how-to-remove-hacked-by-godzilla-virus-in-5-minutes/

Bagaimana untuk berceramah?

2008-04-07T13:37:00.001+08:00

Oleh mesrarakyat

Artikel daripada Tranungkite.com

Bagaimana untuk berceramah?

Artikel ini ditujukan kepada rakanku di JAKIM, JAWI, TH,guru-guru dan apa jua jenis profesion anda. Yang penting, tujuannya untuk berceramah terutama ceramah umum atau khas yang telah di tetapkan oleh penganjur. Yang pasti, kuliah dan ceramah adalah dua perkara berlainan.

Bagaimana ingin memulakan teks ceramah?

Yang pertama, pastikan kita dapatkan tajuk dari penganjur ataupun kita yang bebas memilih tajuk. Kita ambil contoh ‘Peranan Ilmu Kepada Manusia’. Nampak mudah tetapi bagi yang tidak pernah berceramah, tentulah ia perkara yang amat berat.

Penulisan Teks Ceramah

Bagaimana seseorang itu boleh bercakap 2 jam tanpa rasa letih ataupun tanpa menjemukan pendengar-pendengar? Mestilah ceramah tersebut penuh dengan isi ditambah pula dengan isi yang dapat menarik pendengar tersebut seperti isu-isu terbaru, perkara yang sudah menjadi budaya dan sebagainya. Ini terpulang kepada kebijaksanaan penceramah itu sendiri.

Mari kita tulis lakaran teks ceramah. Hanya memerlukan kertas A4 yang di lipat empat ataupun buku nota kecil (jangan guna buku 555, low class!)

TAJUK: Peranan Ilmu Kepada Manusia

MASA : 1 jam

PENDENGAR : Penduduk Kg Aman Sentosa

Kita perlu bahagikan kepada 3 perkara :

1-PENDAHULUAN (10 min)

2-ISI (40 min)

3-PENUTUP (10 min)

Oleh kerana sejam 60 minit maka 3 perkara di atas hanya memerlukan pembahagian minit untuk anda berceramah setiap perkara tersebut.

Contoh PENDAHULUAN :

Pembukaan dengan kalimah tauhid – spt Asyhadualla la ilaha illa Allah.. (3 min)

Takrif Ilmu – ringkas (3 min)

Pembahagian ilmu kepada baik dan buruk (4 min)

Jika dirujuk dari isi pendahuluan di atas maka anda sudah nampak apakah isi yang perlukan anda beri penekanan. Ini terpulang kepada bahasa anda, samada anda menggunakan audien untuk soal jawab seperti “Siapa boleh beritahu ustaz, ilmu itu terbahagi kepada berapa bahagian..??”

PERINGATAN : Anda Hendaklah Berdisiplin Mematuhi Masa Yang Anda Sendiri Tetapkan Supaya Tidak Terkurang. Jika Terlebih, Itu Bonus Buat Anda.

Mari kita lihat teks ISI pula :

Contoh ISI ‘Peranan Ilmu..’ :

1-kenal pencipta ( 10 min)

1.1 ilmu tauhid – kenal siapa tuhan (5 min) – beza dengan orang bukan islam

1.2 pelbagai ilmu ada manfaatnya (5 min) – ilmu perubatan ada faedah, ilmu falak ada faedah.

2-selamat dari kekufuran ( 10 min)
2.1 tahu membezakan yang mana iman atau kufur – cthnya ilmu sihir (5 min)

2.2 menjauhkan perkara yang boleh menjatuhkan akidah – cthnya dengan ilmu, kita tahu mana yang patut dijauhi seperti menghina Rasulullah (5 min)

3. Allah beri kemudahan penuntut ilmu (20 min)

3.1 penuntut ilmu di doakan oleh segenap makhluk Allah (5 min) – hadis

3.2 penuntut ilmu di mendapat darjat yang tertinggi (5 min) – alQuran

3.3 penuntut ilmu di kenang sepanjang zaman (5 min) –

3.4 penuntut ilmu yang mengajar (5 min) - amal jariah yang besar

Oleh itu, masa untuk ISI adalah 40 minit.

Akhirnya kita lihat PENUTUP :

Kesimpulan tajuk ilmu (5 min)

Doa – semoga menjadi orang yang berilmu (5 min)

Sudah selesai! Anda akan dapati masa di atas nampak sudah menjadi singkat. Dan, siapa yang telah biasa buat cara begini masanya sentiasa di penuhi dengan ceramah dan ditambah pula jika isi menarik.

Bagaimana pula memasukkan ayat alQuran dan hadith?

Biasanya, penceramah hendaklah terlebih dahulu menghafaz ayat atau matan hadith demi memudahkan dan melancarkan isi tersebut. Jika tidak pun, catatkan di hujung kertas tersebut agar ia semakin kuat di ingatan kita."

Fundamentals: Five ways to secure your Cisco routers and switches

2008-04-05T05:14:00.001+08:00

Article taken from TechRepublic

Date: April 3rd, 2008
Author: David Davis

Recently, Cisco Subnet blogger Brad Reese wrote the article, “Expert warns of scam to blackmail companies for cash to get back access to their Cisco routers.” In that post, he wrote about hackers who manage to hijack a company’s routers and then extort money from them by threatening to take down the network. The hackers were able to obtain control of the network because of poorly written Cisco IOS ACLs, easily guessed passwords, and unencrypted SNMP community strings (or easily guessed community strings).

Don’t let this happen to you and your network. Here are my top five best practices to secure your routers, your network, and your company from malicious attacks.

1. Understand the basics of router security

You must understand the basics of router security. Here are the essentials:

Physically secure the routers
If your routers are not physically secured, anyone can walk up, perform a password reset, and gain full access to that router’s configuration. Even if this isn’t a core router, they could take down your network by poisoning the routing tables on all routers. For this reason, routers should be in a locked room and preferably have video surveillance. Additionally, reliable electrical power and cooling must be provided.

Lock down the router with passwords
Routers must be secured with passwords at both the login mode (to prevent initial access) and the privileged mode (to prevent configuration changes). For more information on these different levels in the Cisco IOS, please see my article, “Understand the levels of privilege in the Cisco IOS.”

Apply login mode passwords on Console, AUX, and VTY (telnet/ssh) interfaces
Password controlled access needs not only to be on the VTY lines to prevent network access, but also on the Console and AUX ports. If the Console port is locked but the AUX port doesn’t have a password, then locking the Console wasn’t of much use, was it?

Set the correct time and date
To ensure that logs are correct and have not been tampered with, you must ensure that the router has the correct time and date. For more information, please see “Synchronize a Cisco router’s clock with Network Time Protocol (NTP).”

Enable proper logging
Logging should be enabled, preferably, back to a central source like a syslog server. At minimum, you need to configure a buffered log on the router. However, if the power is lost to that router, that local buffered log is lost. For this reason, to really be secure, you need to configure a syslog server (see the article, “SolutionBase: Monitor your network with Kiwi Syslog“), and send all router logs to that server. You could also put in the open source or commercial version of Tripwire. Preferably, you should increase the level of logging and even log configuration changes to the router. For example, you can use the following command to enable SNMP traps for configuration changes:

snmp-server enable traps config

For more information on Cisco router logging, please see, “Get to know your logging options in the Cisco IOS.”

Back up router configurations to a central source
Let’s say that someone does take control of your router or wipes out your router configurations. To replace that router quickly or replace the configuration, you need to have a backup of that configuration. To do this, ensure that your routers are backed up whenever configuration changes are made or each week or day. I have enjoyed using Kiwi CatTools to do this. For more information, see “Automate changes to your Cisco router with Kiwi CatTools.”

Secure other network devices such as switches and wireless access
Most of the items listed here also apply to Cisco switches and wireless access points. Here are a couple of articles on those topics that you should check out:

Two more areas that I consider to be at the basic level of router security are locking down network access to the router with a stateful firewall or ACL and encrypting sensitive network traffic, but I will cover these points in more detail below (sections three and five, respectively).

2. Know your network: Diagram, audit, and document

If you are responsible for the security of a network you should know that network like you know the vulnerable doors and windows (think entry points) of your house.

You should diagram your network so that you have a map to help you and others visualize the entire network.

You should have the router configurations backed up (see Kiwi CatTools above). Finally, you should periodically audit your network security, both internally and externally (via a third party). There are tons of network scanning and auditing tools available. Here is a recent article of mine that covered one of them: “Audit your Cisco router’s security with Nipper.”

3. Protect your router with a firewall and ACLs

In Reese’s post about the hackers, he mentioned the fact that the company had poor access control lists (ACLs) in place on their routers. ACLs are typically what protect routers from attack. However, due to their complexity, many of them end up being misconfigured or ineffective. Make sure that your ACLs allow only traffic to the router and through the router that should be there. For internal routers this will only be internal traffic.

Make sure you understand that whatever isn’t permitted will be denied (the implicit deny), that ACLs are processed from the top down, that there should never be a permit any in the ACL, and that the ACL must be applied to an interface in the proper direction to be enabled. For more information on ACLs, please see some of my articles and video on this topic:

Keep in mind that ACLs aren’t just used to prevent traffic from going through the router. They are also used to control SSH traffic, routing update, and to throttle traffic. For more information, see:

Besides ACLs, the Cisco IOS offers a real stateful firewall if you use the Security/Firewall version of the IOS. A stateful firewall will be much better than just using ACLs. I recommend checking out my article, “Protect your network with the Cisco IOS Firewall,” and consider implementing one on your routers.

4. Change your passwords and make them complex

Another method that hackers use to take control of networks is password guessing or password sniffing. To prevent this, you should CHANGE YOUR PASSWORDS TO COMPLEX PASSWORDS TODAY. Don’t wait another day! An example of a complex password is MySuper!S3cr3tPa$$.

Make sure you always use type 5 password encryption on your routers (see “Be aware of how easily someone can crack a Cisco IOS password“). Make sure this command is on your router to encrypt most (but not all) passwords with type 5 encryption:

service password-encryption

Also, keep in mind that we aren’t just talking about login passwords. This includes all SNMP community strings and routing protocol update passwords. All of those should be complex and changed periodically.

For more information on this topic, please see, “How to Configure Passwords to Secure your Cisco Router.”

5. Always encrypt sensitive network traffic

Finally, hackers can obtain passwords to your routers by sniffing network traffic when you log in to your router with telnet, perform a “show run” via telnet, or use unencrypted SNMP strings.

You should always encrypt sensitive network traffic by using SSH and SNMP encryption. Start by enabling SSH and disable telnet to all network devices that support it (see “Configure SSH on your Cisco Router“).

If you are using SNMP, enable SNMP v3 with encryption and use it exclusively (for more information, see AES and 3-DES Encryption Support for SNMP Version 3).

Be careful

The point of this article is to (1) encourage you to take action to secure your network before malicious attackers take control of it and (2) to show you exactly which actions you need to take. You shouldn’t assume that your network isn’t a target because your company isn’t high profile or your data wouldn’t be valuable to an attacker. Take every reasonable step to protect your network; as you can see from this post, these steps aren’t necessarily difficult or costly.

Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!

How to reset Product Key - Microsoft Office

2008-03-18T13:07:00.002+08:00

Today i got problem with ms office, cannot activate because it said already reach the limit for the product key. Actually i don't know which installation cd have been used.

I must install new ms office to get new product key but anyway i don't know which cd already used and validate. After searching in the internet , i got solution and i tried , successful.

This is the step :

Close all Microsoft Office programs.
Click on Start button, then click on Run.
Type “regedit” (without quotes) in the Run text box, and click OK or press Enter.
Locate and then click the following subkey:
HKEY_LOCAL_MACHINE \Software\Microsoft\Office\12.0\Registration

Inside, you will find another subkey that resembles the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{30120000-00
After you find the GUID subkey that contains your Office product or program which you want to remove the existing product license key or registration details, delete the following registry entries by right clicking on the registry entry in the GUID subkey, click Delete, and then click Yes:
• DigitalProductID
• ProductID
Exit Registry Editor.
Run or open an Office application program, such as Microsoft Word or Excel or Outlook. Office will prompt you to enter a new 25-character product key.

NTLDR Missing

2008-01-17T08:08:00.000+08:00

NTLDR Missing

http://tinyempire.com/notes/ntldrismissing.htm
http://pcsupport.about.com/od/fixtheproblem/ht/ntldrntdetect.htm
http://pcsupport.about.com/od/fixtheproblem/ss/rconsole_4.htm

10 security tips for all general-purpose OSes

2007-10-23T16:18:00.000+08:00

10 security tips for all general-purpose OSes

Date: October 19th, 2007
Author: Chad Perrin
Category: Security, Passwords, Authentication, Intrusion Detection, Encryption, Malware, networking, patching

There are key considerations for system security that apply no matter which general-purpose operating system platform you happen to be using. You should always consider the following precautions when securing your systems against unauthorized access and unfortunate disasters:

Use strong passwords. One of the simplest ways to improve security is to use a password that isn’t easily guessed by brute force attacks. A brute force attack is one where the attacker uses an automated system to guess passwords as quickly as possible, hopefully finding the right password before long. Passwords that include special characters and spaces, use both capital and lowercase letters, avoid words in the dictionary, as well as numbers, are much more difficult to crack than your mother’s name or your anniversary date. Remember as well that increasing the length of your password by one single character multiplies the total number of possibilities by the number of valid characters that can be used. In general, anything less than eight characters is considered far too easy to crack. Ten, 12, or even 16 is better. Just don’t make it too long to remember or too difficult to type.
Invest in good perimeter defense. Not all security occurs on the desktop. It’s a good idea to use an external firewall/router to help protect your computer, even if you only have one computer. At the low end, you can purchase a retail router device, such as the commercial Linksys, D-Link, and Netgear routers that are available in stores such as Best Buy, Circuit City, and CompUSA. Higher up the scale, you can get managed switches, routers, and firewalls from “Enterprise” class vendors such as Cisco, Vyatta, and Foundry Networks. Starting somewhere in the middle and moving all the way up to direct competition with the major “Enterprise” class vendors, you can put together your own firewalls either “from scratch” or using prepackaged firewall/router installers such as m0n0wall and IPCop. Proxy servers, antivirus gateways, and spam filtering gateways can all contribute to stronger perimeter security as well. Remember that in general switches are better for security than hubs, routers with NAT are better than switches, and firewalls are a definite necessity.
Update your software. While concerns such as patch testing before deployment to production systems may be of critical importance in many circumstances, ultimately security patches must be rolled out to your systems. Ignoring security updates for too long can result in the computers you use becoming easy targets for unscrupulous security crackers. Don’t let the software installed on your computers fall too far behind the security update schedule. The same applies to any signature-based malware protection software such as antivirus applications (if your system needs them), which cannot be any more effective than the degree to which they are kept up to date with current malware signature definitions.
Shut down services you don’t use. Often, computer users don’t even know which network accessible services are running on their systems. Telnet and FTP are common offenders that should be shut down on computers where they are not needed. Make sure you’re aware of every single service running on your computer, and have a reason for it to be running. In some cases, this may require reading up on the importance of that service to your particular needs so that you don’t make a mistake like shutting off the RPC service on a Microsoft Windows machine and disallow logging in, but it’s always a good idea to have nothing running that you don’t actually use.
Employ data encryption. Varying levels of data encryption coverage are available to the security-conscious computer user or sysadmin, and choosing the right level of encryption for your needs is something that must be decided based on circumstances. Data encryption can range from use of cryptographic tools on a file-by-file basis, through filesystem encryption, up to full disk encryption. Typically, this doesn’t cover the boot partition, as that would require decryption assistance from specialized hardware, but if your need for privacy is great enough to justify the expense, it’s possible to get such whole-system encryption. For anything short of boot partition encryption, there are a number of solutions available for each level of encryption desired, including both commercial proprietary systems and open source systems for full disk encryption on every major desktop operating system.
Protect your data with backups. One of the most important ways you can protect yourself from disaster is to back up your data. Strategies for data redundancy can range from something as simple and rudimentary as periodically saving copies to CD to complex, staggered, periodic automated backups to a server. On systems that must maintain constant uptime without loss of service, RAID can provide automatic failover redundancy in case of a disk failure. Free backup tools such as rsync and Bacula are available for putting together automated backup schemes of arbitrary complexity. Version control systems such as Subversion can provide flexible data management so that you can not only have backups on another computer, but you can keep more than one desktop or laptop system up to date with the same data without a great deal of difficulty. Using subversion in this manner saved my bacon in 2004 when my working laptop suffered a catastrophic drive failure, emphasizing the importance of regular backups of critical data.
Encrypt sensitive communications. Cryptographic systems for protecting communications from eavesdroppers are surprisingly common. Software supporting OpenPGP for e-mail, the Off The Record plug-ins for IM clients, encrypted tunnel software for sustained communication using secure protocols such as SSH and SSL, and numerous other tools can be had easily to ensure that data is not compromised in transit. In person-to-person communications, of course, it can sometimes be difficult to convince the other participant to use encryption software to protect communications, but sometimes that protection is of critical importance.
Don’t trust foreign networks. This is especially important on open wireless networks such as at your local coffee shop. If you’re careful and smart about security, there’s no reason you cannot use a wireless network at a coffee shop or some other untrusted foreign network, but the key is that you have to ensure security through your own system, and not trust the foreign network to be safe from malicious security crackers. For instance, it is much more critical that you protect sensitive communications with encryption on an open wireless network, including when connecting to Web sites where you use a login session cookie to automate authentication or enter a username and password. Less obviously, make sure you don’t have any network services running that are not strictly necessary, as they can be exploited if there is an unpatched vulnerability. This applies to network filesystem software such as NFS or Microsoft CIFS, SSH servers, Active Directory services, and any of a number of other possibilities. Check your systems both from the inside and the outside to determine what opportunities malicious security crackers may have to attempt to compromise your computer, and make sure those points of entry are as locked down as reasonably possible. In some respects, this is just an extension of the points about shutting down unneeded services and encrypting sensitive communications, except that in dealing with foreign networks you must be especially stingy with the services you allow to run on your system and what communications you consider “sensitive.” Protecting yourself on a foreign, untrusted network may in fact require a complete reworking of your system’s security profile.
Get an uninterruptible power supply. You don’t just want a UPS so you won’t lose files if the power goes out. There are other, ultimately more important reasons, such as power conditioning and avoiding filesystem corruption. For this reason, make sure you get something that works with your operating system to notify it when it needs to shut itself down, in case you aren’t home when the power goes out, and make sure you get a UPS that provides power conditioning as well as battery back-up. A surge protector simply isn’t enough to protect your system against damage from “dirty” power. Remember, a UPS is key to protecting both your hardware and your data.
Monitor systems for security threats and breaches. Never assume that just because you’ve gone through a checklist of security preparations your systems are necessarily safe from security crackers. You should always institute some kind of monitoring routine to ensure that suspicious events come to your attention quickly and allow you to follow up on what may be security breaches or threats to security. This sort of attention should not only be spent on network monitoring but also integrity auditing and/or other local system security monitoring techniques.

Other security precautions may apply depending on the specific OS you use. Some operating systems provide additional challenges to security because of design characteristics that produce a less-than-optimal security profile, and some operating systems grant the knowledgeable sysadmin capabilities for increased security that may not exist elsewhere. All of this should be kept in mind when securing your system, whether using proprietary systems such as Microsoft Windows and Apple Mac OS X or open source systems such as your favorite Linux distribution, FreeBSD, NetBSD, or even the very security-conscious OpenBSD.

Only in the very rarest of circumstances is a default install of your OS of choice, with no further thought to securing the system, truly sufficient. Start with the above enumerated security concerns regardless of your operating system, then consider the specific security needs and opportunities of your platform. Don’t leave the integrity of your system’s security up to luck.

& Techniques for Managing ICT Staff

2007-10-18T07:01:00.001+08:00

This info i taken from http://techrepublic.com.com/ with original title 7 techniques for manging your technical staff.

Date: October 16th, 2007
Author: Tom Mochal
Category: Project Management, Personnel, Management

In my last blog, I talked about some of the general characteristics of an IT project team. For example:

They tend to be introverts
They tend to think more logically than emotionally
They tend to be problem solvers
They tend to be technically creative

Knowing some of the characteristics of your technical staff allows you to better understand how to manage them effectively. Applying some or all of the following techniques will help you create a more conducive work environment where people can excel.

Give them the tools that need to do their jobs.

Establish an environment where people feel they have what they need in order to do their jobs. This includes having appropriate hardware and software. It doesn’t necessarily need to be state of the art, but it should be of acceptable quality. Because they’re in the IT field, IT people get frustrated when they don’t have the right hardware and software to do their jobs effectively.

Make sure they have the right skills and provide opportunities to learn.

IT people love to learn new things. Managers should make sure their people have the skills needed to do their jobs and that they receive opportunities to grow into new technical areas. This doesn’t have to be third-party training classes. It can include computer-based training, seminars, webinars, books, magazines, etc. Also, once someone has mastered a certain skill and they start to become bored, look for ways they can cross-train and learn new areas of the group.

Create a viable work environment.

Technical people like to understand the work processes in the group, and then they like to be creative in working within that structure. So, set the high-level rules, but don’t micromanage the details.

Give people as much information as they need to do their jobs.

Managers should strive to be proactive communicators. Remember, many IT people are introverts who like to process information internally. They may or may not come up to you and ask you what’s going on all of the time. Managers should make sure that they communicate as much as they can about what’s going on in the company, their organization, and their group.

Shield the team from office politics

Don’t let your team get bogged down in the organization muck. This means removing organizational roadblocks and shielding the team from organizational politics. IT people will tend to get cynical fast if they feel like a political environment is affecting their work or in decisions that affect them.

Make sure each person remembers he’s part of a team.

Even though IT people tend to be introverts, it doesn’t mean they prefer to work alone. IT staff may prefer to work independently, but they also like being a part of the team. Managers should nurture this need. For instance, they should have regular team meetings. Managers should also make sure they have opportunities to do fun stuff as a group - even if it’s just going to lunch together once in a while.

Be there when needed and respond to problems and concerns.

Not all problems can be fixed, but many times the simple act of listening and trying is enough. People will give you credit for trying, even if the ultimate resolution to a problem isn’t available.

You might note that many of these management techniques are not unique to technical staff in general or IT staff in particular, but they’re particularly applicable to the IT staff.

Suddenly My Windows XP Log In Then Log Off

2007-06-09T06:49:00.000+08:00

Sign and Symptom

After we click the user account , It starts logging and the message (loading personal settings) starts, but suddenly during logging in it log's OFF and the message (Saving your personal settings) and goes back to the main screen with the three users icons. In Save Mode also the same things , you cannot do anything to log in into your account.

Diagnosis
Missing file or changing of the value Userinit key

Solution

A.Userinit-Missing

1.Boot into Full Support NTFS DOS
2.Check Userinit from c:\windows\systems32
3.If the file missing , copy from the other computer
4.Reboot

B.Editing Registry

1.Get Offline Registry Editor from http://home.eunet.no/~pnordahl/ntpasswd/
2.Get the Bootable CD - Using any software burn into the CD
3.Boot the CD
4.Load the 'software' registry
5.go to the full registry editor
6.Search for Microsoft/Windows NT/CurrentVersion/Winlogon key
7.Look the value of the Userinit subkey.
If it's not "C:\WINDOWS\System32\userinit.exe,", then change it.
8.Quit and save
9.Reboot

C. If got a large and partition hardisk.
1. Install another windows xp in the other partition
2. copy an userinit from windows/systems32(this from new OS)
3.then paste to the old windows XP

Apa itu Pfsense@Firewall?

2007-05-29T13:23:00.000+08:00

Firewall

Firewall adalah alat keselamatan teknologi maklumat yang terletak ditengah hubungan rangkaian dan mempunyai tugas untuk memeriksa data yang keluar/masuk atau memjadi pusat pengesahan bagi aktiviti rangkaian dan sebagai benteng pemisah bagi sesuatu sistem rangkaian.

Macamana nak Install Pfsense

2007-05-29T12:33:00.000+08:00

Ok , hari ini aku dah decide nak wat firewall guna pfsense. Pfsense ni adik beradik dengan monowall. Aku pun x penah lagi explore benda ni. Hehehee excited gak nak wat benda ni. But anyway aku nak plan dulu. Nanti aku cadang nak letak kat cni step dia. leh jadi bahan rujukan. Sebab dulu banyak yg aku buat tapi akhir nyer lupa dan bila nak refer x tau kat ner nak cari. Ok doakan kali berjaya

Torrent Slow or No Connection - ByPass TM - Proxomitron

2007-02-10T06:36:00.000+08:00

Ok , sejak kebelakangan ni ramai yang dapati torrent makin slow, aku pun cari info kat net. Kebanyakan kata TM dah block P2P.Jadi mmg torrent ada problem. Aku lak dapat donlod tetapi kekadang tu slow sangat. tensen tul .. donlod NARUTO pun lambat ...

Jadi aku pon try la cari solution kat mesin carian (search engine - google la .. hehehehe) ni yang aku dapat .. Korang try jugak .. nanti kasik la feedback yup kat sini .. ok ker solution depa ni ..

Hi warga jiwang torrent?

Ramai user mengeluh disebabkan tak boleh nak connect ngan tracker.. sebab apa aa? semua utorrent, bitcomet, azureus dan lain2 akan mengeluarkan error : ?Connection Closed By Peer?? senang citer upload tarak, download tarak?

Jadi ada satu cara utk kite bypass keje org TM ni? camner?

Ikuti tips yang telah dibuat oleh zeroxxx :

Step 1 :

Download PROXOMITRON

Step 2 :

Lepas dan install, tutup la semua program dan jalankan PROXOMITRON

Step 3 :

Akan kuar la dialog nih :

Step 4 :

Kat dioalog utama PROXOMITRON ada button HEADER

Step 5 :

Scroll dan carik User Agent: SpaceBison (Out)

p/s : Korang juga boleh create user agent sendiri? Klik New dan masukan nilai2 tertentu.. nanti aku tunjuk contoh kat bawah? macam dalam gambo tu, User agent aku : User Agent: TM Babi (out).. sori terkasar bahasa?

Step 6 :

Tadaaa? dah setting pon menatang PROXOMITRON tu? senang kan?
pastu jom setting client korang? dalam contoh ni aku ajar utorrent.. lain2 korang explore sendiri k?

Pergi menu OPTION -> PREFERENCE atau CTRL+P
dan pergi pada menu CONNECTION

Pastu korang buat la cam dalam gambo tu?

Pastu siap? dan berjaya? korang leh sambung balik ke tracker? yeayyyy!!

_____________________________________________________________________________

Ni contoh kalo nak buat header baru :

Headers "> NEW

Ok la? tu la tutorial yang telah ditunjukan oleh zeroxxx.. TQ zeroxxx
? minta izin aku ubah sikit2 ye? hehehe?.

Lain-Lain :

Satu lagi? korang juga leh setting kat Internet Option :

Cara dia =

Start "> Control Panel "> Internet Option "> Connections

Ori Link :

Link 1

Forum (Register User!)

Others Reference Link :

PROXOMITRON

10 Step To Install MYSQL

2006-10-12T10:37:00.000+08:00

Installation MYSQL

Tested at FEDORA 5

<--- Begin From Here--->

1. Download the installation file
Use this (just copy and paste)
wget http://dev.mysql.com/get/Downloads/MySQL-5.0
/mysql-standard-5.0.26-linux-i686.tar.gz/from/http://www.wsection.com/mysql/

if new version release - use this command inside your command line
wget

2. Unzip the download file
tar -zxvf mysql-standard-5.0.26-linux-i686.tar.gz

3. Move the directory and rename to mysql
mv mysql-standard-5.0.22-linux-i686 /usr/local/mysql

4. Installing all prepared tables
Fill help tables
cd /usr/local/mysql
./scripts/mysql_install_db

5. Create mysql user
groupadd mysql
useradd -g mysql mysql

Configure Permission
cd ..
chown -R root.mysql mysql
chmod -R 640 mysql
chmod -R u+X,g+X mysql
chmod -R ug+x mysql/bin
chmod -R g+w mysql/data
chmod -R u+x mysql/scripts
cp mysql/support-files/my-medium.cnf /usr/local/mysql/data/my.cnf
chgrp mysql mysql/data/my.cnf
cd mysql

6.Starting mysqld daemon
cd .; ./bin/mysqld_safe &

7.Check process
ps ax | grep msql
Output --> 2906 pts/1 S 0:00 grep msql
id;uname -a
Ouput --> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Linux trackptg 2.4.21-32.EL #1 Fri Apr 15 21:29:19 EDT 2005 i686 i686 i386 GNU/Linux

8.Set MYSQL password
bin/mysqladmin -u root password 'yourpassword'

9. Configure Mysql Service on Startup
cp support-files/mysql.server /etc/rc.d/init.d/mysql
chmod 744 /etc/rc.d/init.d/mysql
chkconfig --add mysql
service mysql restart
ln -s /usr/local/mysql/bin/mysql /sbin/mysql

10.Testing
mysql -u root -p
Output --> Enter password:******
Welcome to the MySQL monitor. Commands end with; or \g.
Your MySQL connection id is 8 to server version: 5.0.22-standard-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Let's Learn VI (Powerful Text Editor For Linux)

2006-10-09T12:35:00.000+08:00

This basic command VI (powerful text editor for Linux user in commandline). I like to remember and practice the command.

Starting an Editing Session

vi filename - where filename is the name of the file to be edited.

Undo Command
u undo the last command.

Screen Commands

CTL/l
Reprints current screen.
CTL/L
Exposes one more line at top of screen.
CTL/E
Exposes one more line at bottom of screen.
CTL/F
Pages forward one screen.
CTL/B
Pages back one screen.
CTL/D
Pages down half screen.
CTL/U
Pages up half screen.

Cursor Positioning Commands

j Moves cursor down one line, same column.
k Moves cursor up one line, same column.
h Moves cursor back one character.
l Moves cursor forward one character.
RET Moves cursor to beginning of next line.
0 Moves cursor to beginning of current line.
$ Moves cursor to end of current line.
SPACE Moves cursor forward one character.
nG Moves cursor to beginning of line n. Default is last line of file.
0 Moves the cursor to the first character of the line.
:n Moves cursor to beginning of line n.
b Moves the cursor backward to the beginning of the previous word.
e Moves the cursor backward to the end of the previous word.
w Moves the cursor forward to the next word.

/pattern Moves cursor forward to next occurrence of pattern.
?pattern Moves cursor backward to next occurrence of pattern.
n Repeats last / or ? pattern search.

Text Insertion Commands

a Appends text after cursor. Terminated by escape key.
A Appends text at the end of the line. Terminated the escape key.
i Inserts text before cursor. Terminated by the escape key.
I Inserts text at the beginning of the line. Terminated by the escape key.
o Opens new line below the current line for text insertion. Terminated by the escape key.
O Opens new line above the current line for text insertion. Terminated by the escape key.
DEL Overwrites last character during text insertion.
ESC Stops text insertion. The escape key on the DECstations is the F11 key.

Text Deletion Commands

x Deletes current character.
dd Deletes current line.
dw Deletes the current word.
d) Deletes the rest of the current sentence.
D, d$ Deletes from cursor to end of line.
P Puts back text from the previous delete.

Changing Commands

cw Changes characters of current word until stopped with escape key.
c$ Changes text up to the end of the line.
C, cc Changes remaining text on current line until stopped by pressing the escape key.
~ Changes case of current character.
xp Transposes current and following characters.
J Joins current line with next line.
s Deletes the current character and goes into the insertion mode.
rx Replaces current character with x.
R Replaces the following characters until terminated with the escape key.

Cut and Paste Commands

yy Puts the current line in a buffer. Does not delete the line from its current position.
p Places the line in the buffer after the current position of the cursor.

Appending Files into Current File

:R filename
Inserts the file filename where the cursor was before the ``:'' was typed.

Exiting vi

ZZ Exits vi and saves changes.
:wq Writes changes to current file and quits edit session.
:q! Quits edit session (no changes made).

How To Remove New Variant Commwarrior

2006-10-08T18:33:00.001+08:00

Incident History

Yesteday I visited my mother at Kuala Lumpur because of fasting months. There some how, my brother received a sms and open it. Because of that the handphone got infected with this virus. My handphone started sending sms and mms. When i switch on my bluetooth in my Laptop, it also trying to send the virus into the laptop. After 6 hours finding the solution in the internet . I solve it with this solution and i hope we can share the experience and i'm happy to hear any comments from other about this solution.

Sign and Symptoms

The variant dubbed Commwarrior.C, will launch a process named “cwoutcast” once it install itself in the infected device. It will send MMS message to certain devices non-stop.

The difference between this variant and the previous Commwarrior are:

* This variant has a safe mode in the background process that gives the smart phone user a hard time to remove it by just following normal virus clearing procedure.

* Even if you can locate the virus in the disk and delete it, the remaining process in the memory will regenerate the same files in the corresponding disk, and this is why this variant is considered un-beatable.
* This variant, same as its ancestor, can also spread itself through bluetooth, only in a more aggressive way. It can spread itself to several devices through bluetooth simultaneously.
* It will infect your MMC card, so that when you send information to your friends with your MMC card, you will possibly have sent the virus to them as well.

Removal Steps:

First(important)

Kill Commwarrior Process

Install a third-party file manager. For example FExplorer
Start FExplorer
Select and copy any file to clipboard

Navigate file system with navigation button. Press right to enter directory, left to leave directory.
Select C: and press right, select system and press right
Select any file from c:\system such as backup.xml
Select Edit/Copy from menu

Copy the file to E:\system\temp

Press left until you are at filesystem selection screen
Select E: and press right
Select System and press right, and then temp and press right
Select Edit/Paste from menu

Rename the file to noboot

Select File/Rename from menu
Rename the copied file to noboot

Reboot the phone

Second Step -Install any removal tool ( I use Symantec)

download and run the tool

Follow these steps to download and run the tool:

Download the SymcMTRT.sis file from the following URL:

http://securityresponse.symantec.com/avcenter/SymcMTRT.sis

Note:
- The current version of the tool is version 1.0.5.
- The certificate details are as follows:
  
  Issuer:
  Symbian Limited
  Owner:
  Symantec Corporation
  Expires:
  06/27/2016
  Serial number:
  554E3938F3A3BFB6ED39D54C9653BDBD
  Valid from:
  06/28/2006
Save the file to a convenient location, such as your Windows desktop.
Load the SymcMTRT.sis removal tool file onto the compromised device.
In the Symbian OS Menu, open the Tools folder.
Open the File Mngr. program.
Locate the SymcMTRT.sis file and open it.
Click Yes when you see the following message:

Install Symantec Mobile Threats Removal Tool?
Choose Continue and then click OK.
Click Exit to exit the file manager.
Click Back to exit the Tools folder.
Open the SymcMTRT application.
Click Options, select Quick Scan, and then click Select.
Choose Yes or No when the following message appears:

Would you like to create a log file as C:\Nokia\SymcMTRT.LOG?
One of two messages will appear:

Scanning Completed! The removal was successful. Directories deleted:[NUMBER OF DIRECTORIES] Files deleted:[NUMBER OF FILES]

Scanning Complete! No threat has been found on your device
Click Close to exit the removal tool.
Restart the device.
Run the removal tool again to ensure that the device is clean.

First Posting

2006-10-07T08:43:00.000+08:00

Teratak pada zaman dahulu terletak ditengah bendang/sawah padi. Tempat rehat untuk melepas lelah selepas penat menanam padi. Tapi zaman sekarang dah tak ada dah ... jarang-jarang ada bendang/sawah padi yang mempunyai teratak. Jadi aku nama kan blog aku ni teratak sebab dulu-dulu masa kecik aku suka dok kat teratak ni. Menengok matahari naik atau turun .. seronok woo ... Sedeh nyer bila teringat masa dulu.

Tapi kini - teratak-buluh blog tempat aku , kengkawan dan pelawat untuk melepaskan lelah dan berehat. Aku cuba untuk meringkas seringkas mungkin apa yg ingin aku paparkan kat sini. Arios

Salam Sayang Untuk Semua

Teratak Buluh

Dapatkan DUIT dari Ziddu

Dapat Duit Dengan Freakshare

OpenFiler 2.99 - Attempted to Create Software Raid 1 Array - Failed...

Dionea - Honeypot

Metasploit Framework

How To Delete Remembered Network Passwords In Windows

Password Management Best Practices

Kisah Genius Islam Ibnu Sina

Installing a minimal Ubuntu installation with a minimal Gnome desktop

Virtual Box - Connect to wireless network from guest OS?

Reset your lost Ubuntu Password

XP: Small, Free Way to Use and Mount Images (ISO files) Without Burning Them

XP: Small, Free Way to Use and Mount Images (ISO files) Without Burning Them

Microsoft has an unsupported virtual CD-ROM program. Why buy alcohol or Daemon Tools?

How To Get Back Our Lost Handphone

How I Got My Lost iPhone Back From a Good Samaritan

Top 10 tips to keep that new computer spyware-free

December 27th, 2005

Top 10 tips to keep that new computer spyware-free

The Five-Access Point Security Plan

Ubuntu Proxy : Error opening/creating log file. (check ownership and access rights).

A simpler way to save: the 60% solution

A simpler way to save: the 60% solution

How To Mount CD Rom Linux Shell Command

How to Detect & Remove Trojan Farfli

Article from : http://www.411-spyware.com/remove-trojan-farfli

How to Detect & Remove Trojan Farfli

What's Trojan Farfli?

Do I Have Trojan Farfli?

Free Trojan Farfli Scan, with SpyHunter

How to Remove Trojan Farfli

Get Rid of Trojan Farfli Manually

Free Trojan Farfli Scan, with SpyHunter

How Do I Remove Trojan Farfli Files?

How to delete Trojan Farfli files in Windows XP and Vista:

How to stop Trojan Farfli processes:

How to remove Trojan Farfli registry keys:

How to remove Trojan Farfli DLL files:

How Did I Get Trojan Farfli?

Detect Trojan Farfli & Other Malware

Is your computer infected with malware?

Understanding Trojan Farfli & Spyware

Trojan Farfli May Be a Trojan

What Are Trojans?

Methods of Trojan Farfli and Other Trojans Infection

Trojan Farfli-Related Posts

Trojan Farfli's Threat Level Explained

Trojan Farfli Is a Minor Pest

Trojan Farfli Is a Pest

Trojan Farfli Is a Minor Threat

Trojan Farfli Is a Medium Threat

Trojan Farfli Is a Threat

Trojan Farfli Is a Minor Danger

Trojan Farfli Is a Medium Danger

Trojan Farfli Is a Danger

Trojan Farfli Is a Major Danger

Trojan Farfli Is an Extreme Danger

IT Notes

Grey Box Testing

Black box testing

White box testing

Types of white box testing

Error Message: Procedure Entry Point Not Found in Msvcrt.dll File

SYMPTOMS

CAUSE

RESOLUTION

OCS Inventory ERROR: can't write in directory (on dbconfig.inc.php)

Setup LAMP + OCS Inventory

Apache

PHP

MySQL

Get Ride Patches XP

Install dansguardian, tinyproxy, and firehol

How to uninstall and remove webmin

Dansguardian Can't locate Compress/Zlib.pm from Webmin

How to: Install Network Monitoring Tool (Nagios+Nagmin+Webmin+Mysql+Apache2+RRDTool+NMAP) on OpenSUSE 10.2

Originally Taken Fromhttp://opensource-2u.blogspot.com/2007/08/how-to-install-network-monitoring-tool.html

How to: Install Network Monitoring Tool (Nagios+Nagmin+Webmin+Mysql+Apache2+RRDTool+NMAP) on OpenSUSE 10.2

The Art and Science of Web Server Management

Originally Taken From

http://opensource-2u.blogspot.com/2007/08/how-to-install-network-monitoring-tool.html