The Misadventures of Penoi

 

Microsoft Windows 7. Real or Fake??? you be the judge of that!!! if this is real, will it be an early end for Windows Vista?? just like what happened to Windows ME.

See all screenshots at Windows7screenshots.com

 

Rachel introduced me to Lucky Me Jjamppong. It is a cup noodle with an extra spicy flavor which is good for those need-to-work-sleepless-nights snack.

 

This is my first time to use Paypal and it was not good at all. Paypal keeps on rejecting my payment eventhough i still have enough credit limit left in my Credit Card. To think of it, it accepts 50%  initial payment to my merchant. Now i need to settle the remaining 50% which again gives me the "This payment cannot be funded with a credit card at this time." error message.

Bad news for the Filipino bloggers. Starting January, Google Adsense will no longer support referrals from the Philippines. Hopefully it will not be a start of banning the Philippines in Adsense.

Nessus is a free, up to date and easy to use vulnerability scanner. You can find the official documentation of how to install Nessus here.

Download and install Nessus rpm package from the Nessus download page

[root@nessus chris]# rpm -ivh Nessus-3.0.6-es5.i386.rpm
Preparing... ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.0.6. for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start

[root@nessus chris]#

Add the first Nessus user, it will be the admin account

[root@nessus chris]# /opt/nessus/sbin/nessus-add-first-user
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------

Login : admin
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :

User rules

----------

nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :

(the user can have an empty rules set)

Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y] y
user added.

Thank you. You can now start Nessus by typing :

/opt/nessus//sbin/nessusd -D

Start Nessus service daemon

[root@nessus chris]# /opt/nessus/sbin/nessusd -D &
[2] 1454
[root@nessus chris]# nessusd (Nessus) 3.0.6. for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.

Processing the Nessus plugins...
[##################################################]
All plugins loaded
[2]- Done /opt/nessus/sbin/nessusd -D

[root@nessus chris]#

Obtain your Nessus registration code in the Nessus website and register your nessus installation.

[root@nessus chris]# /opt/nessus/bin/nessus-fetch --register putyourregcodehere
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

[root@nessus chris]#

If you want a Windows-based Nessus admin console. Download and install Nessconnect

Singapore  IT Security Seminar
Training Fee: P 59,500.00 (+VAT)
Holiday Inn Hotel, Singapore
March 13-14, 2008 | Thur-Fri  |  9am-5pm

 

Fee includes: Airfare (Roundtrip), Hotel accommodation (sharing) for 2 days and 1 night, food, 6 training manuals and 6 Global Knowledge certificates.

 

TOPICS:

 

System Forensics, Investigation & Response

- Mr. Ariel Ilumin, enCase Certified, CIDG Philippines

           

Do you know what to do if your organization's security is compromised? Threats of computer crime against an organization's infrastructure have grown substantially, but there are steps you can take. In this course, you apply the latest Windows-based computer forensic techniques to uncover illicit activity and recover lost data. Every crime leaves behind clues. With the right tools, you can effectively respond to and counteract security threats.

 

Network Penetration Testing & Ethical Hacking

- Mr. Ariel Ilumin, enCase Certified, CIDG Philippines

 

Find Security Flaws Before the Bad Guys Do

Security vulnerabilities such as weak configurations, unpatched systems, and botched architectures continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.

 

Assessing and Security Wireless Networks

- Mr. Eric Macatunggal, CCNA, Wireless Technology expert

           

As organizations provide greater mobility to their users, the risk of threats to security grows and the need for secure wireless networks becomes of paramount concern. In this course, you gain the skills to defend against attacks and maintain security within your wireless network. You learn to detect weakness in your existing network and design and configure a cost-effective security solution.

 

Securing Windows

- Mr. Wilbert Ontoy, MCSE, MCSA, Oracle Certified, Certified Ethical Hacker

 

The Securing Windows course is a comprehensive curriculum for securing Windows networks. This program brings the confusing complexity of Windows security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec.

 

 

Securing Oracle

- Mr. Wilbert Ontoy, MCSE, MCSA, Oracle Certified, Certified Ethical Hacker

 

Experts agree that Oracle is one of the most complex software packages available today. Unfortunately, complexity often introduces an increased risk for vulnerabilities. These vulnerabilities are being increasingly targeted by attackers.

 

Throughout the course the student will be exposed to the database as seen through the eyes of an attacker, including public and unreleased techniques that are used to compromise the integrity of the database or escalate a user's privileges. In this fashion, the student gains a better understanding of how an attacker sees a database as a target, and how we can configure the database to be resistant to known and unknown attacks.

 

Securing Unix / Linux

- Mr. Mike Liguit, Linux expert, Network Security specialist

           

The courses designed to teach individuals about securing Linux and Unix. Content is obviously dictated by course duration, but a good course will instruct the student about the various threats to the *nix platform and the countermeasures that can be brought to bear to defend against them. In most cases the student would be expected to have a reasonable understanding of *nix and be able to navigate around it.

           

Experience in-depth coverage of Unix security issues. Examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems including vulnerabilities in the password authentication system, file system, virtual memory system, and in common network protocols such as NFS, NIS, and the Unix RPC mechanism. Learn the exact steps necessary to secure the two most common Unix flavors-- Solaris and Linux-- and get specific advice for securing some of the most common Internet services on the Unix platform, including Apache, WU-FTPD, Sendmail, and BIND

 

Terms: Schedules are subject to reconfirmation.

 

Register Now!

 

Global Knowledge Associates, Inc.

2502B West Tower, PSE Bldg. Exchange Road, Ortigas Center, Pasig City, Philippines

Tel. Nos. (632) 683-0969  |  637-3657

Mobile: (0921) 532-8150; (0918) 314-0542

Email: sandra@globalknowledgeph.com; sandra_medalla@yahoo.com

URL: www.globalknowledgeph.com

One way of bypassing internet perimeter is using Internet Proxies, but there is another way of surfing anonymously by means of TOR networks. Xerobank incorporated TOR networks and Firefox in its XBank browser. It also offers services of high speed browsing from 200kbps, 1,500Kbps and 40Mbps bandwidth. You can also install XeroBank browser in your USB stick and have your privacy any where you go.

One disadvantage of this technology is empowering users to bypass corporate Internet Security which is a major threat. There are many ways of how to out-smart your IT guys, but it will be an endless cat-and-mouse chase :)

oh my!!! my google was redirected to Nederland by XeroBank browser

 

 

Crisis Core Final Fantasy VII scheduled for its USA release on March 25, 2008. Characters present are Zack Fair, Jenova, Professor Hojo, Sephiroth, Aerith Gainsborough, Tifa Lockhart, Yuffie Kisaragi, Cait Sith, and many more.

I once played final fantasy VIII on Playstation One because of its famous soundtrack " Eyes on Me" and as always, a FF game sure is a smash hit for gamers.

Introducing the free Spiceworks IT Desktop. Designed, tested and used by 200,000 IT pros in 194 countries. Spiceworks has the everyday IT features you need:

• Automatic PC and software inventory and IT asset reporting to simplify your job.


• Network monitoring and troubleshooting to keep things running smoothly.


• An IT help desk for your company that's easy to use and the fastest-growing IT community.

Arnel Pineda in CNN



Goodluck Arnel Pineda!!! Goodluck Journey on your new album!!!

Backup your Server's files to a remote host using rsync

Setup SSH RSA Authentication

#ssh-keygen -t rsa
#scp .ssh/id_rsa.pub user@remote-host:/user/
#ssh user@remote-host
#cat id_rsa.pub >> .ssh/authorized_keys

Make sure that .ssh/authorized_keys has the following permission

-rw-r--r-- 1 user user 393 Jan 9 09:45 authorized_keys

Backup your folder to a remote host using rsync

rsync -avhe ssh --delete /folder-to-backup user@remote-host:/backup-folder

 

For an automated backup, use cron. For other rsync command switches, refer to the documentation or issue the command "man rsync"

 

 

Another not-so-good American Pie Movie. I will not consider Beta House as a legacy of the famous cult-favorite American Pie Series(American Pie, American Pie 2 and American Wedding). Beta House is all about the Stifler's with their Beta Delta Xi House Fraternity , the Geeks Fraternity, boobs, strippers and more Sex.

Rating: Not Good

Want to surf the net anonymously??? use Proxybeat.com list of available proxies in the internet. Or, you can use proxybeat's list in your URL filter's/black lists

I celebrated my bday with Rachel last Friday in SM Mall of Asia(MOA). After Don hen, we spend our time in Big apple whole body massage. Now that was a relief after days of stressful work.

Penoi in Don Henricos

 

 

Penoi Before

 

Penoi After

I need a tool that can list all of my server's vulnerabilities. Sigvi does it all. Although the process is not yet automatic. It will compare the vulnerabilities that it has received from Common Vulnerabilities and Exposures (CVE) with the softwares that we installed on our servers.

"SIGVI is an Open Source application, under GPL license.

Basically, SIGVI is an application to detect vulnerabilities on our network.

It is not magic (still ...), simply compares the vulnerabilities that it has received from the sources with the software that we have installed on our servers. Those vulnerabilities are stored into the database creating a vulnerability repository.

When finds a software version that is vulnerable, it creates an alert and send notifications to all the administrators of this server.

The SIGVI has been (and is being) developed at UPCnet, from Politechnical University of Catalonia (UPC), Spain."

Tired of using Google in searching hard to find documents(doc,pdf,ppt, etc)??? try using Scribd!!!

" Scribd is a Silicon Valley startup creating technology that makes it easy to share documents online. You can think of Scribd as a big online library where everyone can publish original content, including you!

Part of the idea behind Scribd is that everyone has a lot of documents sitting around on their computers that only they can read. With Scribd we hope to unlock this information by putting it on the web."

Proud to be Pinoy!!! Been watching this clip the whole day in Youtube. What a great singer!!!! Another reason to be proud of being a Filipino.