Silicon Technix

A great song to help you find ur innerself
Enigma – Return to innocence (Kalami Mix)

Alizée – I'm Fed Up (English Version of "Jen ai marre" French)

I'm fed up!

Bubbles and water
Legs up for hours
My goldfish is under me
To bathe for hours
Makes my mouth water
I'm "foamely" ecstatic
It's not a problem
I lazy 'round
Bubbly and stubborn

I lazy 'round
Melon and water
Is just a dream
It makes me wonder
Is it a "sin" ?
Bubbles and water
Legs up for hours
"Bombs", you keep away from me!
Today lying low
Twisting up my toes
I swim in such harmony
So what bothers me:

Chorus :
I'm fed up with loneliness
With my uncle overstressed
Fumbling, crawling for something
That never shows, just a dream.
I'm fed up with creeps crying
Over the past, such a sin
Not to be cool, but a fool
If I could mess up their rules.
I'm fed up with your complaints
Baby, well I'm not a saint!
Fed up with the rain, the plane…
That makes me throw up again.
I'm fed up with all cynics
Bathing caps and all critics
I'm fed up with being fed up! Poor me !

Bubbles and water
Legs up for hours
My goldfish still under me!
Delight of pleasures
Aquatic treasures
A place out of misery, my fantasy

If you are a torrent lover like me then you need to read this.

Unfortunately, a day before yesterday (13th September, 2011) uTorrent’s (tiny and very stable torrent client) web servers were compromised by a hacker. This happened at 4:20am PST, and uTorrent’s web server team didn’t take the hacked server offline until 6am PST. The problem is, the hacker replaced the uTorrent Windows client with a fake antivirus executable. So anyone who downloaded the client during that 1 hour 40 minute period was actually downloading malware unknowingly.

The malware in question is called Security Shield, and is a well-known rogue anti-spyware program. It will pop-up a professional looking app screen on your desktop that lists fake infections after doing a fake scan. It then offers to remove them if you pay for the full-version of the “security suite.”

If you were unlucky enough to visit utorrent.com and download the Windows client during couple of days, then you’ve probably already seen the Security Shield software pop-up and run on your machine. You need to remove it asap check your PC with some good Antivirus other wise read this page [bleepingcomputers]

uTorrent has now apologized and managed to get their servers back online after removing the rogue files. If nothing else this should act as a reminder to everyone to ensure any files you download from the Internet are scanned with a reputable security scanner before being run, as clearly you can’t trust legitimate sites all of the time.

Comodo is one of the largest SSL and Code Signing Certificate provider, some Comodo certificates were hacked earlier this year and now ComodoHacker  claimed hacking DigiNotar a Dutch Code Signing/SSL provider company.

Meanwhile, the fallout from the hack continues. DigiNotar has, in effect, lost its status as a trusted root certificate authority. Its certificates have been blacklisted by Microsoft, Google, Mozilla, and Apple.

With this hack the hacker can intercept all encrypted communications of Windows Update and other microsoft services, Gmail , Mozilla based  and Apple services without user knowledge.

Also Microsoft and Firefox  just released a security update to block all DigiNotar based certificates. (Kindly update your systems now)

ComodoHacker also justifed his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 muslims at Serbian hands in Srebrenica; "It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government."

Here is the Interview of the Iranian Hacker who was behind Comodo and DigiNotar hacking.

Hi

I have received around 25 interview requests, I'll give response to all requests, I'll give interviews to all.

Just to make some points which I see around in internet about me and in some interview questions:

a) I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain.

b) This attack was really more sophisticated than simple Stuxnet worm. 0-days? I already have discovered similar bugs, trojan? I already wrote most sophisticated undetectable ring0 and ring3 rootkit (works together), signing certificates? huh, man! I have around 300 code signing certificates and a lot of SSL certs with again code signing permission, look at Google's cert, I have code signing privilege! You see? I owned an entire computer network of DigiNotar with 5-6 layer inside which have no ANY connection to internet, I have so much to explain, but later… You have to wait!

c) I still have access to 4 more CAs, I just named one and I re-name it: GlobalSign, StartCom was lucky enough, I already connected to their HSM, got access to their HSM, sent my request, but lucky Eddy (CEO) was sitting behind HSM and was doing manual verification.

d) I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and… Simply I can issue updates via windows update! You see? I'm so smart, sharp, dangerous, powerful, etc. huh?

I'll talk about more stuff later. May I also start a web hacking course for Anonymous and Lulzsec and friends of them, Rootkit development for Stuxnet developers, 0-day vuln. assessment in Windows and Linux environment for Stuxnet developers and other hackers too. huh? What do you think?

Dutch government is paying what they did 16 years ago about Srebrenica, you don't have any more e-Government huh? You turned to age of papers and photocopy machines and hand signatures and seals? Oh, sorry! But have you ever thought about Srebrenica? 8000 for 30? Unforgivable… Never!

I heard also that Dutch government tries to gather documents and make a compliment against Iran, really? Shame on you man! Have you been in court for Srebrenica? Who should file compliment for Srebrenica? You should pay, these are consequences of Srebrenica, just know it! This is consequence of fighting with Islam and Muslims in your parliament.

WOOOOORLLLLDDD! Wait for me, you have so much more SHOCKINGS to see from me! From a person who came to this world just 21 years ago! JUST WAIT!
 

Pakistan newspaper The Express Tribune reports from Karachi that the country's telecommunications regulator is pressing ISPs to comply with recent regulations which restrict the use of end-to-end encryption.

Any technology which conceals communications and prohibits monitoring, it seems, is off the menu.

The Tribune quotes a letter sent to it by an ISP which had been warned by the regulator:

    In line with [the Monitoring & Reconciliation of International Telephone Traffic] Regulations 2010 and national security, [the Pakistan Telecommunication] Authority prohibited usage of all such mechanisms including encrypted virtual private networks (EVPNs) which conceal communication to the extent that prohibits monitoring.

The letter continues by reminding the ISP:

    It is observed that the aforementioned directive has not been followed in true letter and spirit as EVPNs are heavily being used on the Licensees Network.

This concern over the inability of law enforcement to intercept or prevent communication between criminals and militants will no doubt resonate in other countries – notably in the UK, where services such as BlackBerry's instant messaging came under the spotlight after the recent riots there.

Unfortunately, however, an internet in which encryption was banned altogether would be even more dangerous than what we have today.

You've probably heard the gun lobby's truism that "if guns are outlawed, only outlaws will have guns." Yet there are many countries where private ownership of guns – handguns, at least – has been heavily regulated or even banned outright without a concomitant increase in gun crime.

It's tempting, therefore, to argue that if we can ban guns without endangering society, despite the vigorous warnings of a vocal minority, we can do the same with cryptography. Perhaps "if crypto is outlawed, only outlaws will have crypto" is just the crazy slogan of a bunch of libertarian survivalist cypherpunks with something to hide?

The problem is that banning every sort of 'communications concealing' technology online would destroy the very fabric of the internet's law-abiding use. There would be no SSH, no SSL, no TLS, no HTTPS. There would be no WiFi security. Online commerce would implode.

Whether the private ownership of weapons is as big a threat to society as some like to make out is an argument for another day, because cryptography on the internet isn't like handguns in the suburbs.

In most developed countries, you don't routinely need to pack a Browning Hi-Power when you visit your local bank branch. (Even in countries where that's legal, the bank would probably make you lock it in a safety deposit box at the entrance, anyway.)

In contrast, you do routinely need to use an SSL-protected tunnel to the bank when you transact online.

Significantly, the bank needs you to do so, as well. And if you don't, you're actually playing into the hands of the crooks.

So the next time you hear a nanny-state advocate oppose the general availability of strong crypto on the grounds that "if you've got nothing to hide, you don't need to hide anything", don't just sigh in dismay.

Confront them with the inanity of their remark. (Unless they've got a Browning Hi-Power. In that case, give a little smile and leave as soon as you can.)

* If you have nothing to hide, then it doesn't matter whether you choose to hide it or not, does it?

* Online, you do have things to hide. And if you and the rest of us don't hide it as a matter of course, the cybercrooks will plunder our economy more seriously than they're doing already.

In short, if you want to do away with online crypto, you're making things easier for the crooks, not harder. And that, I'm sorry to have to say, is a truism.

Take cryptography seriously. Protecting your own online assets helps protect everyone else, too.

Sources:
http://tribune.com.pk/story/240736/virtual-watchdog-internet-users-banned-from-browsing-privately-for-security-reasons/
http://nakedsecurity.sophos.com/2011/08/29/pakistan-move-against-online-crypto-a-dangerous-idea/?utm_source=facebook&utm_medium=status%2Bmessage&utm_campaign=naked%2Bsecurity

Have you ever got used to a Firefox or Thunderbird addon that you really like, or just can't live without, and then a new version of either Firefox or Thunderbird is released, and suddenly your addon no longer works?

Of course, the generally recommended way is to search http://addon.mozilla.org for a new version, but sometimes when you try to update your addons, you find there is no new version, or it seems like nobody is maintaining the addon any more. I tend to live on the leading edge of new Firefox releases, I want the new features, I want the latest, and I want it now, so I quite frequently hit this problem. Fortunately, there is an easy way to keep using your favorite addons, usually with little or no risk.

The summary for those who just want to skim and jump in:

• Download the addon file you want to update
• Rename the addon archive file to add .zip to the end
• Extract install.rdf
• Edit install.rdf, find and change maxVersion, save the change
• Pack install.rdf back into the install archive
• Rename the file back to it's original .xpi name
• Install using File, Open

The detail for those who need all the steps:
You will need only two free tools to help you do this job, the totally free 7-Zip or some other ZIP file management utility and hopefully knows how to use it. The other tool is a simple text editor. Microsoft's Notepad will do, but any other text editor will work if you have any particular preference. My preference is NotePad++ which is a good free programming and general purpose text editor.

A warning is the first important note here; always backup your Firefox or Thunderbird installation directory before doing any "hacking". While a problem is extremely rare, problems can happen, and you will only have yourself to blame if you don't take appropriate precautions before making any unsupported changes. I won't take any responsibility for any problems you inflict on yourself through sharing with you what I do on my own computer(s). It is often a good practice anyway to backup your installation directory before installing any new addon, just because you never really know what can happen, though usually by the time anything is approved and available for public download on http://addon.mozilla.org, it has been fairly well tested by others and proved to be safe. At the very least, before following my tips here, backup your profile and addons directories by making a copy of them to some other location on your disk. If you don't know how to do that, or don't know where your profile and other directories (folders) are, I don't suggest you try my tricks. Read Gizmo's article How to Back up Mozilla Firefox and Thunderbird, in which among other things Gizmo mentions using tools such as MozBackup which shields you for knowing how to do it manually.

Once you have taken your backup, the first step is to find and download the latest version of the addon you want, and download a copy to your disk. Remember, at this point you can not simply click the Install link, because you know the installer will tell you the addon is unsupported for your version of Firefox or Thunderbird, which is more than likely why you are reading this article! Normally, you would click the Install button, but in this case, you want to save the file to disk, so right click on the install (or Add to Firefox / Add to Thunderbird) button, and then click 'Save Link As'. Choose a location on your disk, make a new folder if necessary. The file you download will be named something like better_gmail_2-0.6-fx.xpi. On rare occasions you may find that when using Firefox, you just can't click 'Save Link As' for some reason. Try a different browser, you may have better luck saving the file when the browser itself is not capable of actually installing the addon.

Having saved the addon, you will need to extract one file named install.rdf from it, make a change, and then pack it back into the file. Since the addon is just a zip file containing all the supporting files necessary for the addon, the easiest way to extract files is to rename the original by changing the .xpi extension to .zip, or by simply adding .zip to the end of the file name temporarily. You will need to extract the install.rdf file from the zip file, edit it, and then put it back in again, so if you're not comfortable with these tasks without me describing them in great detail, don't try. Ask somebody else who is comfortable using zip to extract a file and pack it back in again to help you with this process.

Once you have the install.rdf file extracted, open it with your text editor, and look for lines like the ones listed below. Many addons don't have these lines, so they are not checking for specific versions, and you should not see any incompatibility messages.

    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>1.0</em:minVersion>
        <em:maxVersion>3.0</em:maxVersion>
      </Description>
    </em:targetApplication>

The part you need to change is the line with the maxVersion setting. As long as I am running Firefox 3.0.1, this addon should work for me, but when I upgrade to 3.1, or 4, it will no longer work. The next step is to change the maxVersion setting to at least the version you are currently running, I usually just change it to 9.0 which means I can run any version that will be released for some time to come.

    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>1.0</em:minVersion>
        <em:maxVersion>9.0</em:maxVersion>
      </Description>
    </em:targetApplication>

If your install.rdf looks really weird when you open it, and seems to have just a few lines that look really long, and don't all display on the screen, don't panic. Most likely, the addon programmer has used a Unix or Linux system to create the files, or they have used an editor that does not automatically wrap lines. The Unix or Linux option may be the more likely of the two, and if you don't know what I mean by line termination characters and vi, explaining more would only confuse you even more. Either way, some Windows text editors will know what to do with a non-typical Windows text file, Notepad will not, so if you see just a few long lines, just use Ctrl F, or click Edit, Find, and then type maxVersion. All you need is to find this setting, change it, and save it. Don't worry about the strange file formatting.

After making the change, save the install.rdf file, pack it back into the addon zip archive, and rename it back to it's original name ending in .xpi. The last step is to actually install it, and to do this, rather than browsing to http://addon.mozilla.org, simply click File, Open File, select your modified .xpi file and click the Install Now button. At this point, unless you made any mistakes or any other problems were detected during installation, your addon is installed and will be ready for use when you restart Firefox. The procedure is same for Thunderbird addons.

As I said, problems are rare, however you don't know everything the programmer did when writing the addon, so monitor everything carefully until you are sure everything is functioning as it should. There may be specific features in different releases of Firefox or Thunderbird being used by the addon programmer which might really make the addon incompatible with a newer release. In general, unless there is a major change, most things should be safe. The real point is, be careful, and keep backups so that you don't have any reason to curse yourself for making the change, and me for telling you how to do it.