Jan 12

Router Passwords removed from Android Market

Android, General No Comments »

Yesterday I received an email from Android Market support team saying that my application was removed due to a violation of the Developer Distribution Agreement. They explicitly say that the application could be used in an “harmful way”.

Here is the complete email:

This is a notification that the application, Router Passwords, with package ID net.davidgouveia.routerpasswords has been removed from Android Market due to a violation of Android Market developer terms. It has come to our attention that this application could be used in a way that is harmful to devices, networks, or users.

For specific policies pertaining to this suspension, please see:
Developer Distribution Agreement:
4.3 Use of the Market by You
4.4 Prohibited Actions
Content Policy:
Malicious Products

Specifically, this application allows users to circumvent the (default) password protection made available through third-party routers. We would like to emphasize that the simplicity in which a security measure is circumvented is irrelevant to the application of this Android Market Developer agreement provision.

Please fully review the Content Policies, Developer Distribution Agreement, and Business and Program Policies before you create or upload additional applications. Please also consult our guidelines on rating your application.

Please be advised that this or additional violations may result in a suspension of your Android Market Publisher account, and may also result in actions, including possible suspension, taken against any associated Android Market Publisher, AdSense, Google Checkout, or AdMob accounts.

Thanks,
The Android Market Team

Since I believe that the source of this problem is the database that ships with the application, I will launch a new one without any information. You will then be able to populate da database with information about all of your network devices.

I would also like to thank all the people who’ve helped me reach almost 700k downloads in a few months.

Stay tuned :)

PS: You can still download the application from other sources including this website. Click here.

Tagged with:
Dec 31

A (in)segurança dos routers da SAPO

Security No Comments »

Enquanto testava o reencaminhamento de portas para a minha rede interna verifiquei uma serie de factos assustadores.

Provavelmente este assunto já foi debatido pela Internet fora mas nunca me tinha apercebido. Quem tem um router wireless Thomson TG784n espero que saiba que por defeito o acesso à consola de administração está aberto a partir do exterior e como se não bastasse as credenciais de acesso são estáticas e iguais para todos! Ou seja, em vez de terem criado passwords aleatórias tal como fazem com as chaves do acesso wireless, resolveram correr toda a gente com as passwords 3!play e meo para as contas Administrator e meo respectivamente.

Resolvi então fazer um varrimento de pequena subnet onde me encontrava e constatei algo ainda mais assustador, é que esta situação é GERAL em todos (OK, talvez não sejam todos mas pelo menos os Thomson e Zyxel que testei eram)!

Os portadores de routers Zyxel fornecidos pela Sapo não só possuem credenciais de acesso semelhantes como ainda são brindados com toda a informação relativa às credenciais de acesso à Internet e Wifi completamente escarrapachadas para qualquer um ver! basta digitarem https://[vosso IP externo] para se depararem com algo como isto:

Numa análise mais cuidada ao código fonte é possível verificar que a password do acesso à internet encontra-se cifrada, mas o nome de utilizador não! PIOR… a chave de acesso ao wireless não é cifrada tal como poderão ver nesta imagem o que compromete e muito a segurança da rede!


E isto é apenas para falar do que salta logo à vista, pois há outro tipo de possibilidades como por exemplo descobrir a topologia da rede, escutar a propria rede (vulgo sniffing) ou até mesmo usar essa mesma rede como tunel para executar outro tipo de tarefas ilicitas em terceiros.

O conselho que dou é: Se possuem algum equipamento adquirido a um ISP então tratem de ou mudar as credenciais de acesso ou então bloquear o acesso ao interface de gestão a dispositivos provenientes do exterior da rede.

Não digam que não vos avisei!

Tagged with:
Sep 15

How to convert video to animated gifs from a linux console

General, Linux, Snippets No Comments »

Hi,

Today I’m going to show you a very small script that allows you to convert any video (as long as it is supported by mplayer) to a GIF.

Required tools:

* mplayer

* convert

 

mplayer is popular media player available for multiple operating systems that support a wide range of video formats. The convert tool is an utility that lets you convert between multiple image formats among other definitions.  Since the mplayer takes screenshots using jpeg format, we need to use the convert tool to do the convertion to aGIF format.

 

Copy the following code, save it to a file and change its permissions (chmod a+x) and you are ready to roll :)

 

 

#!/bin/sh
TMPDIR=/tmp/animated
shopt -s nocaseglob
if [ ! -d "$TMPDIR" ]
then
        mkdir $TMPDIR
fi
 
\rm $TMPDIR/* &> /dev/null
 
if [ $# -lt 3 ]
then
        echo -e "Usage: $0 <start> <length> <inputfile> [<with:height>]\nExample:\n$0 00:15:11 10 myvideo.avi 320:240"
        exit 1
fi
 
if [ -n "$4" ]
then
        SCALE="scale=$4"
fi
 
echo "Generating screenshots. Please be patitent..."
mplayer -ao null -ss $1 -endpos $2 $3 -vo jpeg:outdir=$TMPDIR/ -vf $SCALE &> /dev/null
if [ -f $TMPDIR/00000001.jpg ]
then
        echo "Finished generating frames. Assembling the animated GIF..."
        convert -delay 5 $TMPDIR/*.jpg $TMPDIR/output.gif
        echo "Done! Please check the $TMPDIR/output.gif"
        exit 0
else
        echo -e "Oops\! Something went wrong and the frames were not generated. Check your parameters\!"
        exit 1
fi

Just try it and let me know ;-)

Tagged with:
Sep 09

Hello world part II

Uncategorized No Comments »

This post is going to be like a rebirth of the blog. After some catastrophic events,  part of the information was lost. I will try to recover it in time.

Aug 22

Use nagios to check your raid arrays

Linux, Perl, Security No Comments »

As a sysadmin, I should always search and check for errors on every machine that I manage. Unfortunately one of them has an Adaptec 5405 which I forgot to monitor using nagios and just like Murphy’s Law says – “Anything that can go wrong will go wrong” – something went wrong and I have lost information. Not a really big problem because I have backups of everything but it could have been avoided if I had monitored the status of the Adaptec just the way I do with software raid arrays (/proc/mdstat rules!).

So I developed another simple script using Perl (again :-P ) to check the status of all the available arrays.

#!/usr/bin/perl -w
use strict;
use warnings;
 
my $adaptec_tool = "/usr/src/cmdline/arcconf";
 
my $dump = `$adaptec_tool getconfig 1 ld`;
my @raids = ();
 
while ($dump =~ /Logical device name.*?:.*?([a-z0-9]+).*?raid level.*?:.*?([0-9]+).*?status of logical device.*?:.*?([a-z0-9]+)/gsi) {
        push @raids, {"name" => $1, "raidlevel" => $2, "status" => $3};
 
}
 
foreach my $raid (@raids)
{
        if ( $$raid{status} ne "Optimal" )
        {
                print "Critical: Raid not Optimal! (Array Name: $$raid{name}, Level: $$raid{raidlevel}, Status: $$raid{status})\n";
                exit(1);
        }
}
 
print "OK: All arrays in optimal shape\n";
exit (0);

You just need to download the “Adaptec Storage Manager” to connect to the RAID card and read the status. You can use this link to do it.

Tagged with:
Aug 22

How to receive an alert everytime a website changes…

General, Perl No Comments »

I’ve been trying to learn how to use Perl to do some simple stuff whenever I just cannot use PHP. PERL is a language that I have access on every machine under my control, but unfortunately I cannot say the same thing about PHP and that is why I have decided to start learning using this ultra flexible language.

Now, the first thing I have developed (aside from the popular Hello World – LOL) was a simple script to check for website updates. This was particularly useful to check for updates on a website related to a contest.

use strict;
use warnings;
use LWP::Simple;
use Digest::MD5 qw(md5 md5_hex md5_base64);
use Encode qw(encode_utf8);
 
my $link                = 'http://www.foobar.com';
my $email_from          = 'foo@bar.com';
my $email               = 'bar@foo.com';
my $email_subject       = 'Website Changed!';
my $email_body          = 'Hello! I just want to let you know that the website ' 
                          . $link . ' have just changed!';
my $tmp_file            = '/tmp/stored_hash';
 
my $web_source = get( $link );
my $current_hash =  md5_hex(encode_utf8($web_source));
 
if(-e $tmp_file)
{
        open FH, "<$tmp_file" or die "could not open: $!\n";
        my $mod_hash = <FH>;
        if( $current_hash ne $mod_hash )
        {
                open(MAIL, "|/usr/sbin/sendmail -t");
                print MAIL "To: $email\n";
                print MAIL "From: $email_from\n";
                print MAIL "Subject: $email_subject\n\n";
                print MAIL "$email_body\n";
                close(MAIL);
 
        }
        close FH;
}
        open FH, ">$tmp_file" or die "could not create: $!\n";
        print FH $current_hash;
        close FH;

Just replace the email and link stuff to suite your needs and you are all set! Enjoy!

Tagged with:
Jul 01

Beware of domainsarefree.com promotion!

General No Comments »

If you are thinking about using domainsarefree.com to register a website, please think twice! I tried to register a domain which failed because I couldn’t find my credit card. I just thought “No problem, I will search for my wallet and register the domain later…”

Two days later when I tried to register that domain again it was already registered! And I thought to myself: “how the heck did that happen? That domain is complex with so many letters and not even related to a recent hot topic, this can’t be a coincidence!”

I don’t like to be paranoid, but after reading a few links like this one I now understand what happened.

So be aware: If you want to register a domain, either do it fast or don’t even use domainsarefree.com otherwise you will end up with a robbed domain.

Tagged with:
May 01

Buggy JAVA IDEs

Android, General No Comments »

A few months ago I got tired of using eclipse as my IDE because it is extremely slowwww, so I’ve decided to give an oportunity to IntelliJ Idea.

It seems faster than eclipse. No doubts about that. But then I came across these king of lame errors:

I’m getting tired of using such lame IDEs with basic bugs. Any alternative to develop Java/Android applications?

I wish someone could develop a Visual Studio clone for java :-(

Tagged with:
Apr 23

Alsa Sound support for HDMI audio passthrough using an Nvidia EN210

General, Linux No Comments »

This is probably a common problem among all the people trying to get audio over HDMI under Linux using an EN210 graphics card (or similar).

Even though the HDMI may appear in your available cards listed in proc (/proc/asound/cards) you will probably see that you cannot find it using the aplay utility. Just check it running the command “aplay -l”. The HDMI device isn’t listed here isn’t it?

The reason for this issue is related to the ALSA driver version 1.0.21 (or older) which is quite buggy for these graphics cards.

You can check which version you are using by executing the following command:

cat /proc/asound/version

If you get a version older than 1.0.21 then you need to upgrade it. You can check your favourite distribution’s repository for an update or you can try to compile it from source code.

If you can’t find an update, check this page: http://ubuntuforums.org/showthread.php?t=1681577

It might help you ;-)

Tagged with:
Apr 23

How to mount NTFS filesystems under 11.04

Linux No Comments »

If you are running the latest version of Ubuntu and tried to mount a NTFS filesystem you probably already know that you can’t and maybe you have even seen an error like “mount exited with exit code 21″.

This seems to be due to a bug in libfuse2 and/or fuse-utils package. To fix this temporarly you can downgrade both packages to a prior version. libfuse2 and fuse-utils version 2.8.1-1.1ubuntu2.2 seem to be OK but 2.8.1-1.1ubuntu3.2 is useless.

Just download both packages and install them:

http://launchpadlibrarian.net/60433788/libfuse2_2.8.1-1.1ubuntu2.2_i386.deb

http://launchpadlibrarian.net/60433786/fuse-utils_2.8.1-1.1ubuntu2.2_i386.deb

Don’t forget that these are 32bit packages. If you are using 64bit OS then download the needed packages.

sudo dpkg -i libfuse2_2.8.1-1.1ubuntu2.2_i386.deb
sudo dpkg -i fuse-utils_2.8.1-1.1ubuntu2.2_i386.deb

Problem solved :-)

Tagged with:
Previous Entries
preload preload preload