2. For windows user (me):
1. Create one account with low privilege such as guest or user. Use this account as your daily usage.
1.  Go to Control Panel
2. Select User Account
3. Create new account
2. Turn on MS Window Firewall and setup auto update.
3. Use Firefox as your browser
1. add noscript plugin - disable javascript from automatically run. Protect from browser exploit.

4. Change your browser user string to something else. This will fake yourself from the hacker.
IE: http://www.pctools.com/guides/registry/detail/799/
Firefox: http://johnbokma.com/mexit/2004/04/24/changinguseragent.html

5. Use SysInternal software as your monitor system. Use TcpView and Process Explorer to monitor your process and internet connection.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

6. Use PortMonitor from nsways.com/software to monitor networks. But it’s still alpha so wait for next release.

7. Uncheck “Hide Extensions…” in Folder Options->View. Know what you clicking.

8. Never open anythings unless you 100% trust that file. That include file send by your family or friend or co-worker. Trust no one.

That’s all for now, I will update the list soon.

http://doc.cat-v.org/henry_spencer/ten-commandments

This is a great list of suggestion any C/C++ developer should keep in mind when they design and code.
1. The more feed back you get from the compiler, the greater you learn about your code.
2. Null pointer are just evil.
3. no comment
4. no comment
5. no comment
6. You shouldn’t be paranoid as there are some thing you cannot control.
7. Reinvent the wheel only create more problem. Use what is proving, and fix what you must.
8. Clean code is everything.
9. no comment
10. no comment.

Feature planning on next release:

• Add drag and drop
• Use Sleuthkit to access Filesystem.

Known bug:

• SHA256 is not working

The phone itself is still usable as the face is broken only. However, the battle scar seem to be a little too much.

I call the evil empire (Apple) to see if they can fix the phone for a small fee. They give me two option, one is to replace it with another one for $200, or cancel my service and get another phone for $200. I decided to call AT&T to see if there’s any other option, and they also give me two option. One is to replace it for $200 or get a Nokia basic phone for free. The Nokia is a very basic phone so it’s pointless to get it as I can’t use my data plan.

There are two option for me right now that they didn’t give. One is to fix my phone by myself (there are other service that fix the iphone for me but it would cause more then $200). Or I could cancel my contract which cause me $175, which allow me to get away from the evil empire all together.

My plan is to try to fix it by myself using my limited engineering skill with my careless hand and impatient personality. I have 40% chance of success. If not, then Gphone will be next.

I will update the result this weekend.

A few month ago, I receive an e-mail from a spammer with a title of “Video of Angelia Jolie XXX video,” knowingly what expected in the url, I click safely on the url. The site look similar every standard video player website like youtube. The video listed contain an explicit picture which only waiting for me to click on the play button to get the next frame. So I clicked. Once I click, a message pop up asking me to download Adobe_Player9.exe. So what else for me to do? I click it.

Behavior analysis:
Adobe_Player9.exe : MD5: 5c15d4b98a8af9d3f80d11e5876c65e0
Once executed, the malware unpack three file to c:\windows, file include 9129837.exe and new_driver.sys. The malware setup an autorun with a key name “ttool” in CURRENT_USER registry. And execute 9129847.exe
Once 9129847.exe executed, it load the new_driver.sys which is modify the kernel call to hide 9129847.exe from detection.
The malware does more and more but overall this is the behavior of the malware.

Remove and Detect:
A simple way to detect if you don’t have an Anti-Virus software like me is to check what in the registry by run “msconfig” and look up autorun, if there’s a value execute 9129847.exe, delete it. And reboot your system. Once reboot, go to c:\windows\ and delete this two file.

The new:
This week I found a few malware using facebook and other banks name as a way to distribute the malware. Even though the malware does contain different packer, the behavior of the malware are identical to the above malware with slight modification. To test how strong our security is, I upload the malware to virustotal.com, and found out, one or two of total 33 Antivirus detect this malware. Maybe the test is wrong since I am not sure if virustotal keep up with the update or their test is valid. But it is pretty sad to see only two unpopular antivirus software detect the malware while the rest wait to get infected. Someone
need to enlighten me on this.

Some sample MD5
Adobe_Player10.exe : bb1c0a7b83e60609fb63cce9bb85ee38
Adobe_Player11.exe : 353a2425e8632cfb6d75bf1b192ac9a7
****digicert.exe : 650c240b68e4275686c29586a2925fc7

Tips on how not to get infected:

1. Do not open anything unless you trust the file.
2. Turn off javascript in your browser as the default, turn on only if you know it’s safe to use.
3. Do not open anything unless you trust the file.
4. Don’t open anything you receive unexpectedly, include from your love one.

Answer to the old respond:
Some would say stop using MS Window and just use Linux or Mac.
It does not matter what OS you use, most vulnerable component of the whole system is the human being. It’s easier to exploit a person then to exploit the OS. Why? well we tend to be careless, trust easily, and curiosity.

By her self
Her beautiful face
With her bigger friend

This project describe as a tool aimed at helping malware researchers to identify and classify malware samples.  This tool work similar to IDS system with a nice scripting support which allow the user to add complex signature to the rule set.