quote:

The tool that I wrote assumes a spike of recently deleted files (shortly before the last unmount). It does NOT deal with a corrupted file system, only with accidently but cleanly deleted files.

Tool doesn’t recover in place so it only needs read access to file system (it does NOT work on live file system), so this could be used for forensics as well.

Howto also includes detailed overview of ext3 file system, this is probably next best thing to looking at the source code of ext3 fs directly. Worth a read even if you haven’t had any accidents with rm :)

Of course if Carlo Wood had more recent backups of his work it would make his life a lot easier, but we wouldn’t have this nice guide and useful tool as a result.

via Ryan Tomayako

This is nothing new, just for my reference, so I don’t have to hunt it down every time I need it.

   import httplib
   import urllib2

   # For urllib it's enough to do
   # httplib.HTTPConnection.debuglevel = 1
   #
   # but for urllib2 we have to:
   handler =  urllib2.HTTPHandler(debuglevel=1)
   opener = urllib2.build_opener(handler)
   urllib2.install_opener(opener)

Sources: python docs, Jamie Grove, python mailing list

and Mark Pilgrim’s Translation From MS-Speak to English of Selected Portions of Joel Spolsky’s “Martin Headsets”

My personal favourite:

” Or maybe they won’t… in which case, IE is going to lose a lot of market share.”

I know IE is going to continue to lose a lot of market share, and I’m publishing this now so I can blame you dirty fucking hippies for it later.

Several reasons:

• Some ISP’s lock their cable/ADSL modems to single MAC address ( usually your router), if for some reason you need to connect some other machine to that modem you need to change MAC address on that machine.

• Security and privacy. Each ethernet and WiFi card has its own MAC, that can sometimes be traced back to you. By changing your MAC you can prevent that.

NOTE: While most ethernet ( all ?) support changing MAC, there are some WiFi cards that do not.

NOTE: In the following text I have used eth0 as an example of network interface. Replace it with the interface of the card whose MAC you want to change.

To list all interfaces: sudo ifconfig -a

There are several ways to change your MAC.

General Linux

Works on most Linux boxes.

First we bring down the interface:

ifconfig eth0 down

then we change the MAC:

ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx

and we bring back the interface (static):

    ifconfig eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255
    ifconfig eth0 up
    route add default gw 192.168.0.1 eth0

or with dhcp:

/sbin/dhcpdc eth0

Ubuntu

On Ubuntu the procedure is dependant on weather you use NetworkManger or not.

Without NetworkManeger

First edit /etc/network/interfaces and change:

    auto eth0
    iface eth0 inet dhcp

into:

    auto eth0
    iface eth0 inet dhcp
        hwaddress ether xx:xx:xx:xx:xx:xx

After making above changes you need to restart networking with:

    sudo /etc/init.d/networking restart

With NetworkManeger

Create new file /etc/network/if-pre-up.d/macchange

#! /bin/sh

# $IFACE - provided by NetworkManeger 
/sbin/ifconfig $IFACE hw ether xx:xx:xx:xx:xx:xx

# If we use macchanger from http://www.alobbs.com/macchanger/
/usr/bin/macchanger -e $IFACE

After saving the above file we make it executable:

    sudo chmod +x  /etc/network/if-pre-up.d/macchange

And thats it. NetworkManeger will call our script each time before it brings up the interface.

Random MAC’s

Macchanger can be used to generate random MAC’s.

Insted of using ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx you can use macchanger

Example:

    macchanger -m xx:xx:xx:xx:xx:xx eth0

Random MAC example:

    #Random MAC of the same kind (wifi, ethernet)
    macchanger -a eth0
    #Random MAC from same manufacturer 
    macchanger -e eth0
    #Fully random MAC
    macchanger -r eth0

Nmap has undergone many substantial changes since the last major release (3.50 in February 2004) and they recommend that all current users upgrade.

The changelog is huge. My personal favorite is revriten scanning engine, not only is it faster but its also less memory hungry (I have a lot of old machines set up for testing, routing and firewalls).

Also worth mentioning is improved service(and version) detection, and os fingerprinting.

Links:

• Slackware package
• Changes since 3.50
• Brief options and example usage
• Documentation for remote OS detection/fingerprinting
• Remote service detection (Diferent from OS detection, this can determine for example whitch version of Apache or Ssh are you running )

From TheRegister Mailbag

Lester, Possibly the most frightening thing I have ever seen on this web of ours: Search Tiananmen from Google Images: http://images.google.com/images?q=tiananmen Search Tiananmen from Google China: http://images.google.cn/images?q=tiananmen Colin Jackson

Can’t say I am suprised thoug, Google is afterall just another Coorporation, interested only in their bottom line. And the “do no evil” is just interesting marketing ploy (or posibbly illusions of google creators)

Well it seems that besides some graphic code, wine is chathching up or even beeting windows at running windows apps :)) To me, it is amazing that wine beats windows at even one bentchmark.

read more | digg story

My favortie is:

“Yes, that’s very nice and all, but does it scale?” !*&%#@@$!!!