Archive for June, 2008


Biometrics commercial web resources ..

Jun 29, 2008 in Biometrics, Security

Security web resources ..

Jun 29, 2008 in Security

Secure coding standards:

Java secure coding:

selinux configuration notes..

Jun 28, 2008 in Fedora, Linux, Security

When attempting to access a resource protected by selinux, the
console will look something like this:


To see the selinux attributes of a file:

$ ls -aZ info.php
-rw-r--r--  root root system_u:object_r:httpd_sys_content_t:s0 info.php

$ ls -aZ wiki/index.php
-rwxr-xr-x  root root system_u:object_r:fusefs_t:s0    wiki/index.php

To set the security attribute – as “httpd content”, this example :

$ chcon -R -t httpd_sys_content_t /var/www/html/wiki

$ ls -aZ wiki/index.php
-rwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 wiki/index.php

Config for selinux is here:

$ ls /etc/selinux/
config  restorecond.conf  semanage.conf  targeted

To disable/enable selinux:

$ /usr/sbin/setenforce [0|1]

For modules, the manager might show this:

If you trust /usr/lib/php/modules/ to run correctly, you can
change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/php/modules/'" You must also change the default file
context files on the system in order to preserve them even on a full
relabel. "semanage fcontext -a -t textrel_shlib_t

The following command will allow this access:chcon -t textrel_shlib_t

If you want httpd to allow database connections you need to turn on
the httpd_can_network_connect_db boolean: "setsebool -P

The following command will allow this access:
setsebool -P httpd_can_network_connect_db=1

To restore configuration:

$ restorecon [-F] [-vv] [file|folder]

The ‘-F’ option forces context restoration.

‘restorecon’ (on Fedora rel 8 – Werewolf) is a link to ‘setfiles’.

PostgreSQL installation notes..

Jun 26, 2008 in Database, PostgreSQL

On Linux:

1. $ [/sbin/]service postgresql initdb

2. $ [/sbin/]service postgresql start

3. The “initdb” procedure will create user “postgres”.

4. Change /var/lib/pgsql/data/pg_hba.conf

from this:

# "local" is for Unix domain socket connections only
local   all         all                               ident sameuser
# IPv4 local connections:
host    all         all          ident sameuser
# IPv6 local connections:
host    all         all         ::1/128               ident sameuser

to this:

# "local" is for Unix domain socket connections only
#local   all         all                               ident sameuser
local   all         all   trust
# IPv4 local connections:
#host    all         all          ident sameuser
host    all         all  trust
# IPv6 local connections:
#host    all         all         ::1/128               ident sameuser
host    all         all         ::1/128  trust

5. Restart postgres

$ [/sbin/]service postgresql restart

6. Test access:

psql -U postgres (no password)

Useful Excel tips website ..

Jun 25, 2008 in Microsoft, Office

Many useful bits of info.. like ‘Results without a formula’, ‘Generate random numbers’, ‘Add hidden text to formulas’ (add notes) and more..

Design Patterns – Factory pattern (Creational) basic example..

Jun 20, 2008 in Engineering, Software

This pattern allows the application to defer to runtime the decision of which
object from a related set to instantiate .


abstract class Pizza {
    public abstract double getPrice();
class HamAndMushroomPizza extends Pizza {
    public double getPrice() {
        return 8.5;
class DeluxePizza extends Pizza {
    public double getPrice() {
        return 10.5;
class HawaiianPizza extends Pizza {
    public double getPrice() {
        return 11.5;
class PizzaFactory {
    public enum PizzaType {
    public static Pizza createPizza(PizzaType pizzaType) {
        switch (pizzaType) {
            case HamMushroom:
                return new HamAndMushroomPizza();
            case Deluxe:
                return new DeluxePizza();
            case Hawaiian:
                return new HawaiianPizza();
        throw new IllegalArgumentException("The pizza type " + pizzaType + " is not recognized.");
class PizzaLover {
     * Create all available pizzas and print their prices
    public static void main (String args[]) {
        for (PizzaFactory.PizzaType pizzaType : PizzaFactory.PizzaType.values()) {
            System.out.println("Price of " + pizzaType + " is " + PizzaFactory.createPizza(pizzaType).getPrice());

CISSP TOC – Part 3 ..

Jun 19, 2008 in CISSP, Security

Chapter 9. Law, Investigation, and Ethics 4

Intellectual Property Law 8
Patents 8
Copyrights 9
Trade Secrets 9
Sale and Licensing 9
Privacy Law 10
Government Regulations 11

Criminal Law and Computer Crime 12
Computer Security Incidents 15
Advance Planning 15
Computer Crime Investigation 16

Legal Evidence 19
Credibility or Weight of Evidence 19
Proof of Authenticity 20
Hearsay 20
Best Evidence Rule 20
Chain of Evidence 21
The Fourth Amendment 22
Computer Forensics 22

Computer Ethics 28
Case Study: Cross-Examining the Forensics Expert 30
Case Study: Proving Copyright Infringement 31

Chapter 10. Physical Security 45

Classifying Assets to Simplify Physical Security Discussions 49

Vulnerabilities 51
Selecting, Designing, Constructing, and Maintaining a Secure Site 53
Site Location and Construction 53
Physical Access Controls 54
Active Physical Access Controls 55
Passive Controls 55
Power 57
Power Issues: Spikes, Surges, and Brownouts 57
Minimizing Power Problems 58
Environmental Controls: Air Conditioning, Humidity, and Temperature 59
Water Exposure Problems 60
Fire Prevention and Protection 60
Tape and Media Library Retention Policies 63
Document (Hard-Copy) Libraries 64
Waste Disposal 66
Physical Intrusion Detection 69
Table 10.2. Sensors and Other Detection Mechanisms 69

10.1. The Airports Council International Exercise 75

Weigand access control tech ..

Jun 18, 2008 in Security

What is Weigand technology? Some sort of access control system..

Here is a note on this:

While searching for info on Weigand, found notes on hacking these types of devices:

CISSP Resources ..

Jun 17, 2008 in CISSP, Security

Ch. 1 – Access Control
Ch. 2 – Telecommunications and Network Security
Ch. 3 – Security Management and Practices
Ch. 4 – Applications and Systems Development Security
Ch. 5 – Cryptography
Ch. 6 – Security Architecture and Models
Ch. 7 – Operations Security
Ch. 8 – Bus Cont Planning (BCP) and Disaster Recovery
Ch. 9 – Law, Investigation, and Ethics
Ch. 10 – Physical Security



* tcpdump, a tool for capturing and dumping packets for further analysis, and WinDump, the Windows port of tcpdump.
* Wireshark (formerly Ethereal), a graphical packet-capture and protocol-analysis tool.
* Snort, a network-intrusion-detection system.
* ssldump, an SSLv3/TLS analyzer. It decodes SSL records and displays them to stdout.
* Nmap, a port-scanning and fingerprinting network utility
* the Bro IDS and network-monitoring platform.
* justniffer, a tcp/http packet sniffer. It can log network traffic in a ‘standard’ (web server like) or in a customized way.
* URL Snooper, locate the URLs of audio and video files so that they can be recorded.
* Kismet, for 802.11 wireless LANs
* L0phtCrack, a password auditing and recovery application.
* NetworkMiner, a network forensic tool that extracts transferred files and identifies operating systems.
* Xplico, open source Network Forensic Analysis Tool (NFAT).
* iftop, a tool for displaying bandwidth usage (like top for network traffic)
* EtherApe, a graphical tool for monitoring network traffic and bandwidth usage in real time.
* Bit-Twist, a libpcap-based Ethernet packet generator and editor for BSD, Linux, and Windows.


* Tripwire
* Backtrack