Wednesday, January 26, 2011

How To Create Speech Bubbles For Screenshots In GIMP


Previously we have looked at some tutorials for anyone, new or advanced, to try his/her hand at creating artwork in GIMP because it CAN accomplish phenomenal works, especially in conjunction with other open-source software. Here’s a fun tutorial to cartoonify photos in GIMP (like you see in ads all over the web), here’s another one on creating image maps, and there’s also one on creating a zoom effect on screenshots. I’m certainly really excited about GIMP if you can’t tell already.
As a GIMP enthusiast, I learn mostly from following online tutorials over and over till I don’t need the instructions to repeat the steps anymore. That’s how I learned to do the zoom/magnifier effect, which I badly needed for some of my screenshots. Here’s another such tutorial that’s out of necessity for anyone that blogs and needs to point at and annotate some part of the screenshot.

The speech bubble design is actually inspired by the annotations you can get in Screenpresso, which means that if you want a faster way to get these speech bubbles, your best bet would be to download and use Screenpresso. I’m enamored with FastStone Screen Capture v. 5.3 so to avoid having two programs that do the same thing, I decided to just create the speech bubbles with GIMP. Here’s what I found works for me in terms of creating these speech bubbles in a relatively short time.
  • Once you have GIMP open, you can either open the screenshot that you want to annotate, paste it in after pressing PrintScreen, or create one by going to File > Create > Screenshot.
  • Using the Text tool, create the annotation text in your desired size and font.
  • Before creating the actual speech bubble, make sure you have your text in the desired layout (preferably, all polished up with your desired gradients or effects) as we now need to enclose it within the bubble and won’t be able to change the text layout later. Create a new layer, name it ‘bubble’ and under Layer Fill Type, pick Transparency, and click OK. Now pick the Rectangle Select tool, double-check that in the Tool Options dialog box, the mode is set to ‘Replace the current selection‘ and create a rectangle around your text. For a nice touch, also check the ‘Rounded corners‘ box under Tool Options. I’m using a radius of 11.6, but feel free to change it according to your preferences.
  • Now we’re going to make the tail of the speech bubble to point to the interesting part of the screenshot that you annotated. Use the Free Select tool, then under Tool Options, pick ‘Add to selection‘ instead of the default … and click on 3 different spots (try to make the lines as straight as you can) before going back to the original point to finish the selection to shape the triangular tail of the speech bubble. The first and last spot should be inside the bubble.
If you want to undo these lines, just press Escape.
  • Use the Bucket Fill tool, set the opacity to 35 under Tool Options and fill with red (I’m using #f41010) or any other bright color that’s not on the screenshot already so viewers can immediately notice the bubble.
  • Now let’s give this bubble a drop shadow. Go to Filters > Light and Shadow > Drop Shadow.
  • Set both Offset X and Offset Y to 0, leave the Blur radius at the default 15, raise the Opacity to 100 and uncheck the Allow resizing box before clicking OK.
  • Now for the bubble’s glow, create a new layer with transparency, just like we did for the bubble, but name it “glow”. You should still have the selection active from the previous drop shadow step. Go to Select > To Path to save this outline.
  • Then use the Rectangle Select tool, and under Tool Options, make sure the mode is set to ‘Subtract from the current selection‘. Create a rectangle over the bubble portion opposite to the one that has the tail, which in my case, is the upper portion of the bubble.
  • Now use the Blend/Gradient tool, press X to shift the white background color to be the foreground color, set the opacity to 80 under Tool Options, select ‘FG to Transparent‘ in the Gradient field, pick Linear in the Shape field if it’s not there by default already, and stroke from the tail to the side opposite to the tail.
  • Now for the subtle, glowy outline, go to Select > From Path. Then go to Select again > Shrink. Set the shrink size to 1 pixel, if it’s not already, and press OK.
  • For the third time, go to Select > Border. Type 1 pixel as the border selection size and press OK.
  • You probably won’t even notice any changes so you’ll need to either press + (Shift and the = key), go to View > Zoom (100%) > Zoom In, or use the bottom left zoom menu on the status bar, until you get to 300%.
  • Now grab the Blend/Gradient tool again. Assuming white is still the foreground color and the gradient is still set to ‘FG to Transparent‘, pick Radial instead of the default Linear from the drop-down menu in the Shape field.
  • Stroke outward from the middle of the top portion (or whichever is opposite the tail) of the bubble selection.
  • You should now see a slight white line fading into the corner. You can press Ctrl + Z to undo and Ctrl + Y to redo to really see the difference. Optionally, stroke from the top left to the center of the bubble.
  • This second stroke can actually be in any corner of the bubble as long as it’s on the opposite side of the tail. To go back to the normal view, either press 1, use the zoom menu on the status bar or go to View > Zoom (300%) > 1:1 (100%). Then go to Select > None.
  • Move the text layer to the top of the layer box by dragging and dropping it. You can merge down any layers to move them around.
  • This is what the end result could look like, without the optional second stroke.
That’s it! If you have any tips on making these steps shorter, let us know in the comments!

Monday, January 24, 2011

I'll Still Marry Again

Regardless of whether I agree or disagree with the author, the book is still worth reading
-------------------------------------------------------------------------------------------------------

The author dedicated it to the downtrodden Eastern man

"I'll Still Marry Again": a satirical discussion of polygamy in Egypt

The book "I'll Still Marry Again"
Cairo - Dar Al-Ilam Al-Arabiya


"Forgive me, all of you, and forgive me, Nana. I feel a terrible need for a second wife. At my age I cannot possibly allow myself to do wrong, but I know that my second marriage will make me a criminal and a tyrant in your eyes and will cost me everything, even my children. That is why I have decided to kill myself with my dignity intact."

With these words the Egyptian satirical writer Ehab Moawad closed his book "I'll Still Marry Again", published by Kayan Publishing, recounting the experience of one of his friends on the road to a second marriage, despite his deep love for his strikingly beautiful first wife.

The author dedicated his work to the poor, oppressed, downtrodden Eastern man who woke up to find that society had suddenly turned from a male-dominated society into a female-dominated one, and who has been demanding his rights ever since with no one answering. He also dedicated it to the beautiful girls ("and of course the not-so-beautiful ones") who have passed thirty without a decent suitor knocking on their door.

He did the same for widows and divorcees looking for the start of a new life, so that they do not die as nuns on the pretext that society rejects polygamy. Nor did he forget to dedicate it to "the first wife", who believes that her husband taking another wife means scandal, betrayal, heartbreak and death, and who "doesn't want to understand that his marriage is sometimes in the interest of both of them".

He then addressed wives, saying: "I swear to God, sometimes a man taking another wife is in the interest of both, or at least in the interest of the household, and sometimes it is in the interest of the first wife."

One of "those" women

The author described a conversation between him and a woman whom he asked for her opinion on polygamy. She answered sarcastically: "You mean a man whom God has blessed decides to wrong his poor wife and marries a young one of 'those' on top of her?" He commented on her answer: "Glory be to God, a ready-made cliché that every woman repeats when her husband takes another wife: God blessed him, he wronged her, a young one of 'those'!"

When he replied, "We are talking about a respectable man who marries another respectable woman in addition to his wife," she answered indignantly: "Respectable! And a respectable woman! Of course not, that can't be, because if he were respectable he would not take another wife over the wife who put up with him and stab her in the back, and if the woman he married were respectable she would not have agreed to snatch him from his wife and children."

He then asked her: "Then why do you think God permitted polygamy?" She answered without hesitation: "God permitted it in certain cases, for example when she can't have children, or has a defect, or is ill, or has no spare parts. Otherwise, no!!"

He also conducted similar interviews with unmarried women, divorcees and widows, and each had a different position, ranging from outright rejection and resistance to grudging acceptance and sometimes welcome. When he asked a woman who had passed thirty without marrying whether she would accept marrying a married man, she said: "After all my patience, I should marry half a man?!"

He answered her: "Half a respectable man is better than 100 men who are not respectable." She replied: "And why would a respectable man marry again? All men want polygamy because they have a wandering eye and want to be pampered, and in the end they throw the woman out on the street!"

Here he answered in annoyance: "I don't know why a woman always puts the responsibility on the man. Is the woman never the cause of the failure?!" Why does a girl see spinsterhood, hardship and people's greed as more merciful than marrying a married man?!

After that, Ehab turns to one of the men to ask his opinion on polygamy, and he answers: "Polygamy is a respectable thing and important for many men. There are men who have feelings and instincts that one woman cannot satisfy, and in that case it is better for him to marry again in order to achieve the psychological stability that will benefit him, his household and his first wife; otherwise he will be forced to do wrong, and that of course has negative consequences for all parties."

He added: "A second marriage does not have to be because of a defect in the first wife, but it is sometimes because of a shortcoming on her part, or ignorance in how she treats him. Women think that controlling a man, pressuring him and treating him coldly leaves him broken and content with his life, but the opposite is true, because he starts looking for another."

Men are nothing like women

Who, one wonders, is the happiest among them?
The author then moved on to review some scientific opinions to affirm that a man's needs differ completely from a woman's, explaining that men are different from women and are equal only in their shared membership of the human race, meaning that his feelings are not her feelings, his needs are not her needs, and his makeup is not her makeup.

This was also affirmed by Dr. Kinsey, a researcher on relations between the sexes and author of the book "Sexual Behavior in the Male and the Female", who explained that man's nature is polygamous in origin, because he belongs to the class of mammals, whose males alone are distinguished by the desire for multiple partners, unlike the females of the same class, which are content with one male and are satisfied by him. This means that man was wronged when he was accused of having a "wandering eye", for this is human nature and not greed!!

He moved on to the opinion of Dr. Mohamed El-Mahdy, a specialist in psychology, who affirmed that "plurality in men is linked to their biological, psychological and social makeup. A man has an innate inclination toward emotional and sexual attachment to more than one woman, and for this the Creator, glorified and exalted, prepared him and endowed him with characteristics that distinguish him from women, such as the long span of sexual and emotional capacity: a man has no menopause, there is no time at which the secretion of male hormones stops, and there is no time at which his capacity for love, procreation and sex stops."

He added that "these capacities extend with him into advanced stages of life that may exceed seventy, unlike the woman, whose ability to bear children stops with the end of menstruation. Add to this her inability to have sex during periods such as menstruation, postpartum and sometimes during pregnancy."

With earnest sarcasm he asserts: "Polygamy is also psychological therapy for the strong, domineering wife. Sometimes a kind, poor man ends up with a strong, overbearing woman raised to erase a man's personality. Here the solution is for him to take another wife; maybe he will find himself and his personality with a second, kind woman, and at the same time the first one's feeling that she is losing him 'will surely make a big difference to her'!!"

And polygamy has benefits..

He also touched on some benefits of polygamy for the first wife, saying: "Usually when a man takes another wife he feels guilty toward his first wife, so you find him trying to compensate her by being extra attentive to her, showering her with sweet words and striving to meet her needs, and his behaviour with her has a large measure of sincerity, because he has become more psychologically stable and has got rid of his feeling of monotony and repetition."

He adds: "Also, the first wife, if she is sensible, starts changing her looks, her makeup and what she wears at home, and tries to recover her youth and femininity after long neglect. That is apart from an important gain in the event that the husband has chosen the second wife badly: then he will feel the value of the first and notice the things that have changed in her, and so his second marriage will have benefited her before it benefits him!!"

Impediments to polygamy

Finally, and without going into the opinions of religious scholars in Islam, Christianity and Judaism, all of which encourage polygamy under conditions, Ehab specifies a number of cases in which polygamy is, in his opinion, "forbidden", including:

• When the man doesn't actually need polygamy and just wants to try it.
• When he has no religion or morals to begin with, because then he will wrong both women.
• When he does not have the financial or physical ability to keep two households.
• When he already has a wandering eye, and knows for certain that he will marry a new one every day.
• When he lacks the sense, ability and experience to choose the second wife, because then he will run into a wall.
• When he has a mission and a cause that occupies him, and the second marriage would hold him back and preoccupy him.
• When the first wife stipulated before the marriage that he would not take another wife.
• When his wife is named "Reham", like my wife, and keeps him strictly in line.

Sunday, January 23, 2011

Google Earth on Ubuntu 10.10

Have you ever wanted to install the latest and greatest Google Earth on Ubuntu, only to find that the repository contains an old version? Here is the solution, laid out in simple-to-follow terminal commands.



First, install the googleearth-package helper: sudo apt-get install googleearth-package


Then run make-googleearth-package --force

Now you should find a .deb package in your home folder ready to install.  If the install fails and you're on a 64-bit machine, try this: in the terminal, run sudo aptitude install lib32nss-mdns lsb, then try reinstalling the .deb package.  You can also download the .deb file for version 6 beta from here: http://www.google.com/earth/download/ge/agree.html


At this point you should have a functioning install of Google Earth running in Ubuntu.  If you have an ATI Video card, you probably have more problems...  You might notice that the area that is typically black with stars goes transparent on you.


Try this trick. Modify your Icon launcher to read like this: 

XLIB_SKIP_ARGB_VISUALS=1 googleearth -style GTK+ %f


The result should look like this!



Friday, January 21, 2011

6 of the Best Free Linux Digital Forensics Tools


Digital forensics is a specialist art. It allows investigations to be undertaken without modifying the media. Being able to preserve and analyze data in a safe and non-destructive way is crucial when using digital evidence as part of an investigation, and even more so when a legal audit trail needs to be maintained.

Digital forensics can be used in a wide range of investigations such as computer intrusion, unauthorised use of computers including the violation of an organisation's internet-usage policy, gathering intelligence from documents and emails, as well as the protection of corporate assets.

We have extolled the virtues of open source software in many of our previous articles. The debate between open source and closed source software has often centered on factors such as freedom, reliability, interoperability and open standards, support, and philosophy.

In this instance, open source software offers a legal benefit, as it can increase the admissibility of digital forensic evidence. This is because open source tools enable the investigator and court to verify that a tool does what it claims and makes it easier to prove that the original drive has not been modified, or that a copy has not been modified.

Linux has a good range of digital forensics tools that can process data, perform data analysis of text documents, images, videos, and executable files, present that data to the investigator in a form that helps identify relevant data, and search the data.

To provide an insight into the software that is available, we have compiled a list of 6 of our favorite digital forensics tools. Hopefully, there will be something of interest here for anyone who needs to undertake digital investigations.

So, let's explore the 6 digital forensics tools at hand. For each application we have compiled its own portal page, a full description with an in-depth analysis of its features, screenshots, together with links to relevant resources and reviews.
Digital Forensics Tools
  • The Sleuth Kit: Collection of tools for forensic analysis
  • Autopsy Forensic Browser: Graphical interface to SleuthKit
  • Automated Image and Restore: Graphical front-end to dd/dc3dd
  • guymager: Forensic imaging tool based on Qt
  • dcfldd: Enhanced version of dd for forensics and security
  • rdd: Forensic copy program

5 VPN Clients for Linux


Cisco VPN Client

Cisco's official VPN client is compatible with Cisco VPN servers. In addition to Linux (Intel), it's available for Windows, Mac OS X, and Solaris UltraSPARC. It currently supports some 64-bit platforms, in addition to 32-bit.
The Cisco VPN Client can be preconfigured for large deployments and requires minimal effort by end-users. It supports Cisco Easy VPN capabilities, which helps simplify the configuration of network security policies at the remote location.
The Cisco VPN Client is included with Cisco ASA 5500 Series Adaptive Security Appliances, except ASA 5505. If you don't already have a copy of the client, you can download it if you have a SMARTnet support contract and encryption entitlement. Otherwise, you can get the client on CD from a reseller. You may also consider using a third-party client, such as VPNC, which is discussed next.
The Cisco VPN Client works with the following products:
  • Cisco 7600/Catalyst 6500 IPsec VPN Services Module and VPN shared port adapter with Cisco IOS Software Release 12.2SX and later
  • Cisco VPN 3000 Series Concentrator Software Version 3.0 and later
  • Cisco IOS Software Release 12.2(8)T and later
  • Cisco PIX Security Appliance Software Version 6.0 and later
  • Cisco ASA 5500 Series Adaptive Security Appliance Software Version 7.0 and later

VPNC for Cisco/Juniper

This is a third-party VPN client, licensed under the GNU General Public License (GPL), for connecting to Cisco and Juniper/Netscreen products. It runs on Linux and Unix-like operating systems. This client was especially useful for users on 64-bit platforms since Cisco's official client only supported 32-bit for some time. It's supposed to work with the following VPN products:
  • Cisco VPN concentrator 3000 Series
  • Cisco IOS routers
  • Cisco PIX / ASA Security Appliances
  • Juniper/Netscreen
To start a connection, you simply run vpnc as root at the command-line. To stop the connection, you'd enter vpnc-disconnect as root. It will look for the configuration file /etc/vpnc.conf or /etc/vpnc/default.conf. To use multiple configuration files, you'd enter the name of the config file as an argument. If no config files are found, it will use interactive mode and ask for configuration settings at the command-line.
Remember, all config files should be placed in /etc/vpnc/, have a .conf extension, and use the following syntax:
IPSec gateway gateway.to.use
IPSec ID groupname
IPSec secret passwordforgroup
Xauth username myusername
Xauth password mypassword
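
Because this syntax keeps the group secret and the user password in plain text, a check an administrator might run over /etc/vpnc/ follows. It is an added example, not part of the original post or of vpnc: the function names are hypothetical, and the parser handles only the five settings shown above.

```python
import os
import stat

# The five settings shown on this page; vpnc accepts more, which this sketch ignores.
KNOWN_KEYS = ("IPSec gateway", "IPSec ID", "IPSec secret",
              "Xauth username", "Xauth password")
# Settings whose values are credentials.
SECRET_KEYS = ("IPSec secret", "Xauth password")


def parse_vpnc_conf(text):
    """Return {key: value} for the known 'Key value' lines; '#' lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for key in KNOWN_KEYS:
            if line.startswith(key + " "):
                settings[key] = line[len(key):].strip()
                break
    return settings


def audit_vpnc_conf(path):
    """Return a list of findings (strings) for one vpnc configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        settings = parse_vpnc_conf(fh.read())

    stored = [k for k in SECRET_KEYS if settings.get(k)]
    # Any group/other permission bit on a file that holds credentials is a finding.
    if stored and mode & 0o077:
        findings.append("%s: mode %04o lets group/other access a file holding %s"
                        % (path, mode, ", ".join(stored)))
    # The user's own password sitting in the file is reported even at mode 0600.
    if "Xauth password" in stored:
        findings.append("%s: user password stored in cleartext (Xauth password)"
                        % path)
    return findings


def audit_directory(directory="/etc/vpnc"):
    """Audit every *.conf file in the directory; returns all findings."""
    findings = []
    if not os.path.isdir(directory):
        return findings
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full) and name.endswith(".conf"):
            findings.extend(audit_vpnc_conf(full))
    return findings


if __name__ == "__main__":
    for finding in audit_directory():
        print(finding)
```
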

If you prefer configuration via a GUI, here are a few to check out:
  • jvpnc: Java-based GUI that works with GNOME and KDE.
  • vpnDialer: A gtk2+ GUI for managing connections and configuration profiles.
  • VPNC Front End (VpnFE): GUI written in C++ and QT3.
If you're looking for Nortel Contivity support, consider VPNN, a fork of VPNC-0.3.2.



PPTP Client

The PPTP Client (pptp-linux) works with PPTP-based VPN servers, such as offered in Microsoft Windows. It's licensed under the GNU General Public License (GPL) version 2 or later. It runs on Linux, FreeBSD, NetBSD and OpenBSD. It's also compatible with the Linux PPTP Server, many ADSL service providers, and Cisco PIX.
The PPTP Client supports 128-bit stateless encryption using MPPE. It also supports on-demand or persistent tunnels using pppd, pseudo-tty support and synchronous HDLC PPP encoding.
They offer great documentation with how-tos for many different Linux distributions. Configuration can be performed via the GUI (pptpconfig) or manually using configuration files and commands.

OpenVPN

OpenVPN is an open source SSL/TLS-based VPN solution, offering both a server and client. In addition to the free community edition, they offer a premium edition called the OpenVPN Access Server. Authentication can be made via pre-shared secret keys, certificates, or usernames/passwords. OpenVPN clients are also implemented on Linux-based routers (such as DD-WRT, Tomato, and ZeroShell).
The OpenVPN client is configured via a config file (client.conf), located at /etc/openvpn. On a Linux desktop, a sample config file will reside at /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 if you installed from an RPM package. This contains settings compatible with the sample server config file, where changes need to be made based upon the server configuration. Rolling out a prefab config to your users with all the correct settings is easy since it's a plain text file, which should be located at /etc/openvpn. You must additionally replace the default ca file with the one used on the server. If you prefer certificate authentication, rather than username/password, you'll also need to replace the cert and key files with the ones generated for each user.
Once the config and certificate files are set, you can start a connection at the Terminal with the client conf file name:
openvpn client.conf
You can configure multiple connections by creating new config files with different names and specifying the file name at the command-line.

OpenL2TP

OpenL2TP offers both an open source L2TP VPN client and server, compatible with other L2TP/IPsec clients such as Microsoft Windows and Apple OS X. Their solution is designed to support enterprise and ISP environments with hundreds of sessions. For secure VPN access, the L2TP tunnels can be secured by IPSec. If you only want to use OpenL2TP for the client, you may want to disable the server functionality. The sample configuration file is located at /etc/openl2tpd.conf.

Android Trojan captures credit card details


A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers - typed or spoken - and relaying them back to the application's creator.

The team, comprised of Roman Schlegel from the City University of Hong Kong and Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and Xiao Feng Wang from the Indiana University Bloomington, call their creation 'Soundminer' - and its implications are far-reaching.

Software released for Android devices has to request permissions for each system function it accesses - with apps commonly requesting access to the network, phone call functionality, internal and external storage devices, and miscellaneous hardware functions such as the backlight, LED, or microphone. These requests are grouped into categories and presented to the user at the point of installation - helping to minimise the chance of a Trojan slipping by.

Soundminer takes a novel approach to these restrictions, by only requesting access to 'Phone calls,' to read phone state and identity, 'Your personal information,' to read contact data, and 'Hardware controls' to record audio - none of which will ring alarm bells if the app is marketed as a voice recording tool.

Once installed, however, Soundminer sits in the background and waits for a call to be placed - hence the access to the 'Phone calls' category. When triggered by a call, the application listens out for the user entering credit card information or a PIN and silently records the information, performing the necessary analysis to turn it from a sound recording into a number.

The software works for both spoken numbers, as requested by some voice-activated IVR systems and by human operators, and numbers typed into the virtual dialpad on the phone - recognising the DTMF tones and translating them back into numbers again.

As Soundminer doesn't have access to the 'Network communication' category, it's unable to transmit the data it captures - relying on a second app, called Deliverer, which exists purely to relay the data to the attacker.

Predicting that this kind of attack could take place, Google has made it difficult for two applications to transfer data to each other without the user knowing about it. Working around this, the team found that if they used Soundminer to modify hardware settings such as backlight timeout and ring volume, the Deliverer app could read those settings back without arousing suspicion - a covert back-channel that makes fooling the user significantly easier.

In the team's research paper (PDF), they suggest a defence mechanism against Soundminer: an intermediary layer that analyses input from the microphone before passing it to an application, able to detect credit card numbers and prevent their transmission to Soundminer-like Trojans.
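
The core check of such an intermediary layer, as an added example (not the researchers' code and not part of the original article): it assumes a hypothetical upstream recogniser has already turned speech or DTMF tones into text, and it masks any run of 13 to 19 digits that passes the Luhn checksum before the text reaches an application.

```python
import re

CARD_MIN, CARD_MAX = 13, 19  # usual payment card number lengths

# A run of at least CARD_MIN digits, allowing one space or dash between digits
# (spoken numbers are often transcribed in groups of four).
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){%d,}" % (CARD_MIN - 1))


def luhn_valid(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_run(run):
    """Mask the longest Luhn-valid window of 13..19 digits inside one digit run."""
    positions = [i for i, c in enumerate(run) if c.isdigit()]
    digits = "".join(run[i] for i in positions)
    for length in range(min(len(digits), CARD_MAX), CARD_MIN - 1, -1):
        for start in range(len(digits) - length + 1):
            if luhn_valid(digits[start:start + length]):
                chars = list(run)
                for i in positions[start:start + length]:
                    chars[i] = "*"          # separators are kept, digits are hidden
                return "".join(chars), True
    return run, False


def redact_card_numbers(transcript):
    """Return (redacted_text, number_of_masked_runs) for a recognised transcript."""
    hits = 0

    def repl(match):
        nonlocal hits
        masked, found = _mask_run(match.group(0))
        hits += found
        return masked

    return DIGIT_RUN.sub(repl, transcript), hits


if __name__ == "__main__":
    # Constructed samples; 4111 1111 1111 1111 is a standard test number, not a real card.
    for sample in ("card number 4111 1111 1111 1111 expiry",
                   "1#4111111111111111#",
                   "call 1 800 555 0100"):
        print(redact_card_numbers(sample))
```

Shorter digit strings such as dialled phone numbers pass through unchanged, so the filter does not interfere with ordinary keypad use.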

The researchers are due to present their findings at next month's Network & Distributed System Security Symposium in San Diego, but if that's too far away - geographically or temporally - you can check out a video of Soundminer in action below.

It's been a bad day for Android, as earlier we reported on an exploit that turns a handset running the OS into a USB snooping device.

Microsoft explains Windows phone 7 'phantom data'



I do not know what is up with Microshit?
Enjoy !!! :)
-----------------------------------------------------------------------------------------------------------------------------

Microsoft has confirmed that some handsets running its Windows Phone 7 software are sending and receiving "phantom data".

Earlier this year, users complained on net forums that their phones were automatically eating into their monthly data plans without their knowledge.

Microsoft said its investigation found that most problems were caused by an unnamed "third party" service.

However, it said it was still looking into other potential faults.

"We are in contact with the third party to assist them in making the necessary fixes," a spokesperson said.

The firm also said that it was looking into "potential workarounds" until the issue was solved.

"At this point in our investigation, we believe this is responsible for most of the reported incidents."

It said that the problem seemed to only affect "a small (low single-digit) percentage of Windows Phone customers".

'Root cause'
The problem surfaced in early January with some owners of phones running Windows Phone 7, claiming that their phone was sending "between 30 and 50MB of data" every day; an amount that would eat into a 1GB allowance in 20 days.

Most complainants were based in the US.

"I received an e-mail from AT&T saying that I was close to my 2GB data limit which truly shocked me as I feel I do not use data that much," a phone owner called Julie told Paul Thurrott's supersite for Windows.

"I went and looked at my AT&T account online and noticed that my phone was sending huge chunks of data seemingly in patterns."

Another, writing on Howard Forums, said that they had noticed that the phone's "idle data usage is around 2-5MB per hour".

Microsoft has admitted that not all problems may have the same root cause and has said it was still "investigating" other potential reasons for the fault.

"We are continuing to investigate this issue and will update with additional information and guidance as it becomes available," the spokesperson said.

Windows Phone 7 was launched in October 2010 to acclaim by manufacturers and users.

It is considered the company's first credible challenge to rival operating systems from Apple, Google, Research in Motion and Nokia.

7 Best Network Security Linux Distributions


In our previous posts, we have featured several Linux distributions specifically made for hard drive data recovery and for web servers. Today, we would like to share with you another list of special-purpose distros. These distributions are mainly designed to perform network security tasks such as vulnerability assessment and penetration testing in order to prevent and monitor unauthorized entry, abuse, alteration, or denial of computer network resources. Since most of these distros are available as Live CDs, you can try or use them instantly without hard disk installation.

Here are some of the best Linux distributions (in no particular order) specially made for securing computer networks:


BackTrack
Based on Ubuntu, BackTrack is considered one of the most popular Linux distributions among hackers and network security enthusiasts. It was created by combining two formerly competing distros: Auditor Security Linux (based on Knoppix) and WHAX (formerly Whoppix; based on Slax). BackTrack is preloaded with a wide array of security and hacking tools that range from password crackers to port scanners. It also includes a sizable collection of exploits as well as familiar software like the Firefox web browser.



Network Security Toolkit (NST)
Network Security Toolkit (NST) is a Fedora-based Live CD that is loaded with network security analysis, validation and monitoring software that can be utilized on enterprise virtual servers hosting virtual machines. Its main aim is to provide network administrators with a complete set of open source security tools. NST is equipped with an advanced Web User Interface (WUI) that is used for configuring network and security applications, automation, and other tasks. Among other features, it has a browser-based packet capture and protocol analysis system that can monitor up to four network interfaces using Wireshark.



Pentoo
Pentoo is a Live CD and Live USB created mainly for penetration testing and security assessment. Based on Gentoo, it is available both as 32 and 64-bit Live CD. It features packet injection patched wifi drivers, GPGPU cracking software, and plenty of good tools for penetration testing and security assessment. Currently, Pentoo's default window manager is Enlightenment and it utilizes Linux Kernel 2.6.31.6 with lzma and aufs patches.



nUbuntu
nUbuntu (Network Ubuntu) is basically an Ubuntu system loaded with network and server security testing tools. It features some of the most well-known security and hacking programs such as nmap, dSniff, Ettercap, and Wireshark. While nUbuntu primarily functions as a security-testing platform, advanced users can take advantage of it as a full-fledged desktop distro. It uses the very fast and lightweight Fluxbox window manager.



STD
Although this distro sounds very harmful, it can actually be very useful. For your information, STD stands for (Security Tools Distribution). Also known as Knoppix STD, this distro is a customized version of Knoppix and is intended for novice and professional users who are comfortable working from the command line. STD features a good number of information security and network management tools, which are divided into several categories such as encryption utilities, penetration tools, forensic tools, intrusion detection, packet sniffers, wireless tools, and password crackers.



Helix
Helix is an Ubuntu-based Live CD that is specially made for system analysis, data recovery, security auditing, and incident response. It runs in two modes: Linux mode (boots in native Linux environment) and Windows mode (runs inside a Windows system like a normal application). Helix is mainly aimed towards experienced users and network administrators who are working in computer networks that are constantly bombarded with high-level threats of security breaches and data loss.



Damn Vulnerable Linux
Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD that is intentionally loaded with broken, ill-configured, outdated, and exploitable software for educational purposes. Although DVL doesn't provide users with the usual tools for securing computer networks, it can teach and demonstrate a variety of essential security topics such as web exploitation, SQL injection, vulnerabilities in the Linux kernel and other popular user space software.



You may also share with us your favorite network security Linux distributions via comment.

Thursday, January 13, 2011

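The Cleverness of the Tabuk Judge


Dr. Abdulaziz Al-Khuwaiter related an amusing tale whose hero is a judge in the Tabuk region.

He said: I was accompanying His Highness Prince Sultan bin Abdulaziz, may God protect him, on a trip to Tabuk as part of the program for establishing military bases, and while we were waiting for the Maghrib call to prayer,

the chief of police said: Your Highness, let the sheikh, the judge, tell his story about his undeclared wife?!

So the prince asked the judge to tell it.

The sheikh said: I had married in secret from my first wife, but she sensed it without any proof, and whenever she raised the subject I would convince her that what she imagined was an illusion.

Then my latest wife and I agreed on a plan to convince her. To carry out the plan, my second wife went to my house at the time of the noon prayer and said to my first wife: I would like to consult the sheikh about a certain matter..

The first wife welcomed her and said:

Wait for him, he will be back after the prayer. The sheikh returned from the prayer, and she told him that a woman was waiting for him in the sitting room, so he went in with his first wife beside him..

The sheikh listened to the woman's matter, which came down to this:

that she has a husband whom she loves and who loves her, but in recent days she noticed things that made her suspect he had taken another wife; she confronted him, and he denied it and convinced her that these were the whisperings of Satan, who was not pleased with the complete harmony between us.

And whenever I raise the subject with him, because I cannot hold back, he convinces me that what I imagine is far from the truth. The sheikh said: after the second wife had finished speaking, I said to her:

Listen, my daughter, your husband is truthful. This is one of the whisperings of Satan, which he puts before you when he wants to sow discord between a man and his wife, so seek refuge from him and drive the doubts out of your head..

Then he said: Why look far afield? This is my wife; Iblis has nested in her head and made her imagine that I am married. Whenever I give her proof she is convinced, but he does not leave her alone; he goes back to whispering to her and then she returns to the same subject..

And here before you now I say:
If I have a wife outside this room, then she is ((divorced))

His first wife jumped up, kissed his knees and said: There is nothing beyond this. I will drive Iblis away, and I will never go back to doubting again.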

Description of Control Panel (.cpl) Files

I had a situation where I had to run the "Regional Setting" without being able to open the Control Panel due to a security setting enforced by our IT team.

I knew that these applets are .CPL files but I did not know which one is responsible for the required applet. I searched Google and found this; it was of great help, so I decided to share.

Enjoy!!!
-----------------------------------------
Each tool in Control Panel is represented by a .cpl file in the Windows\System folder. The .cpl files in the Windows\System folder are loaded automatically when you start Control Panel.

Note that Control Panel files are sometimes loaded using entries in the [MMCPL] section of the Control.ini file.

The following table lists the most common .cpl files, including all the .cpl files included with Windows:

File name      Purpose
-----------------------------------------------------------------------
Access.cpl     Accessibility properties
Appwiz.cpl     Add/Remove Programs properties
Desk.cpl       Display properties
FindFast.cpl   FindFast (included with Microsoft Office for Windows 95)
Inetcpl.cpl    Internet properties
Intl.cpl       Regional Settings properties
Joy.cpl        Joystick properties
Main.cpl       Mouse, Fonts, Keyboard, and Printers properties
Mlcfg32.cpl    Microsoft Exchange or Windows Messaging properties
Mmsys.cpl      Multimedia properties
Modem.cpl      Modem properties
Netcpl.cpl     Network properties
Odbccp32.cpl   Data Sources (32-bit ODBC, included w/ Microsoft Office)
Password.cpl   Password properties
Sticpl.cpl     Scanners and Cameras properties
Sysdm.cpl      System properties and Add New Hardware wizard
Themes.cpl     Desktop Themes 
TimeDate.cpl   Date/Time properties
Wgpocpl.cpl    Microsoft Mail Post Office
    
Note that in Windows 98, the Desk.cpl file is named Deskw95.cpl in the compressed cabinet (.cab) file. The file is renamed to Desk.cpl in the Windows\System folder.

Third-party software and hardware manufacturers can add Control Panel icons to provide an interface for setting configuration options for their products. An icon appears in Control Panel when the .cpl file is placed in the Windows\System folder by the program's Setup tool.

You can create a shortcut to a Control Panel tool by dragging an icon from Control Panel to the desktop or another location, or by manually creating a shortcut and specifying the path to a .cpl file.

Note that the Sounds tool does not have its own .cpl file; it uses the Mmsys.cpl file. To create a shortcut to the Sounds tool, use the command line "control mmsys.cpl sounds".
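
Because Control Panel loads every .cpl file in the system folder plus anything named in the [MMCPL] section of Control.ini, an administrator may want to see which applets on a machine fall outside the documented table. The following is an added example, not part of the original post or the text it quotes; the name=path layout of [MMCPL] entries, the default folder path and the sample data are assumptions made for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# File names from the table above, compared case-insensitively.
DOCUMENTED = {n.lower() for n in """Access.cpl Appwiz.cpl Desk.cpl FindFast.cpl
Inetcpl.cpl Intl.cpl Joy.cpl Main.cpl Mlcfg32.cpl Mmsys.cpl Modem.cpl Netcpl.cpl
Odbccp32.cpl Password.cpl Sticpl.cpl Sysdm.cpl Themes.cpl TimeDate.cpl
Wgpocpl.cpl""".split()}

def mmcpl_applets(control_ini_text):
    """Return the .cpl paths named in the [MMCPL] section of Control.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(control_ini_text)
    section = next((s for s in cp.sections() if s.upper() == "MMCPL"), None)
    if section is None:
        return []
    # Assumption: applet entries are name=path pairs whose value ends in .cpl;
    # any other keys in the section are ignored.
    return [v.strip() for v in cp[section].values()
            if v and v.strip().lower().endswith(".cpl")]

def audit(folder_listing, control_ini_text, system_folder=r"C:\Windows\System"):
    """Return (item, reason) pairs for applets that are undocumented or loaded from elsewhere."""
    findings = []
    for name in folder_listing:
        if name.lower().endswith(".cpl") and name.lower() not in DOCUMENTED:
            findings.append((name, "undocumented applet in system folder"))
    sysdir = PureWindowsPath(system_folder)
    for path in mmcpl_applets(control_ini_text):
        p = PureWindowsPath(path)
        # A bare file name is treated as relative to the system folder.
        parent = sysdir if str(p.parent) == "." else p.parent
        if parent != sysdir:
            findings.append((path, "[MMCPL] entry outside system folder"))
        elif p.name.lower() not in DOCUMENTED:
            findings.append((path, "[MMCPL] entry not in documented table"))
    return findings

# Constructed sample input, not taken from a real machine.
SAMPLE_LISTING = ["Desk.cpl", "INTL.CPL", "mmsys.cpl", "vendorcfg.cpl", "shell32.dll"]
SAMPLE_CONTROL_INI = r"""
[MMCPL]
NumApps=2
tablet=C:\Program Files\Vendor\tablet.cpl
joy=C:\Windows\System\Joy.cpl
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LISTING, SAMPLE_CONTROL_INI))
```

A finding is not proof of a problem, since third-party Setup tools legitimately add applets; it is a list of files to check against the software actually installed.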

Monday, January 10, 2011

The 10 best Android hacks


The web’s massed fanboy armies will debate the relative merits of iOS and Android until the apocalypse, but there’s no denying Google’s OS wins out when it comes to customisation – and, if you’ve taken the plunge and rooted your device, then a whole load more options will become available.

It sounds like a complex procedure but, for virtually all Android handsets, it’s surprisingly easy: our own Technical Editor, Darien Graham-Smith, explained how to do it back in September, and instructions for major handsets – such as the HTC Desire, Samsung Galaxy S and Sony Ericsson Xperia X10 – are easy enough to find, although you’ll be taking your phone and, perhaps, your warranty, into your own hands if you proceed.

Still, that’s not to say that you need a rooted handset to take advantage of some of these tweaks – here are ten of our favourite Android hacks and tricks, rooted or not:


Replace your car’s satnav system

This will only work if you’ve got a phone that can connect over a TV-out cable – that’ll restrict you to a mere handful of handsets, including the Samsung Galaxy S, HTC EVO 4G and Droid Incredible, which is used in this video – and a car that’ll display the signal on its screen.

If you tick those boxes, though, you could be in for a money-saving treat. Why invest in a satnav, after all, when you could use Google’s own software?

It’s got undoubted pedigree: we put it through real-world road tests in the summer against many of its rivals and found it to be the best satnav option.

Satnav’s only the tip of the iceberg. Connect your phone to access your music collection, read your Twitter feed, check the latest headlines or perform any other function on your dashboard.

While Android in cars has been mooted before, no concrete models have appeared, so this is the next best thing.


Run Android on your old iPhone

If you’ve still got an iPhone 2G or 3G gathering dust, it can be hard to know what to do with it – after all, you’ve likely replaced that older model with a snazzy new iPhone 4.

If you’d like to experience the unrestricted pastures of Android, though – and perhaps try out apps that Steve Jobs has deemed unacceptable, such as the Wikileaks cables – then follow these steps, which begin with jailbreaking your phone.

You’re not restricted to installing Android on an old iPhone, either.

Intrepid developers have busily ensured that a whole range of devices can be hacked to run Google’s OS: from the Windows Mobile-running HTC HD2 to an old netbook.


Overclock your handset

You’ll need to have rooted before trying this trick, but it’s worth it if your phone struggles when multi-tasking or running intensive applications.

Of course, as with a desktop PC, overclocking a phone comes with risks.

The processor inside your handset’s been designed to run at a specific speed and, without any active cooling inside its chassis, running the chip at a faster pace will generate additional heat and use more power.

The versatility of these apps does mean that it’s possible to combat these symptoms by underclocking your phone’s processor, saving battery power and potentially prolonging the chip’s life in the process.


Play classic games

One potentially dubious benefit of Android’s open approach is that its market is full of software emulators for classic games consoles: a quick scan on AppBrain reveals software like SNesoid, GameBoid and Ataroid – apps that wear their retro allegiances firmly on their sleeves.
While these tools occupy some particularly murky legal ground, that hasn’t stopped several developers creating apps to download ROMs – the software needed to play classic games. Some have been even more imaginative, with one intrepid Dell Streak owner attaching a NES controller to his device for more realistic retro gaming action.

Install Ubuntu

Why settle for just one open-source OS on your device? We suspect that this particular trick won’t work if you own older and less powerful Android devices such as the HTC Hero, but owners of newer, faster handsets might want to take a gander at this guide.

It’s an impressive trick – just imagine pulling out your Nexus One at a (very, very geeky) party and booting into Ubuntu. As neat as it is, we’re struggling to think of practical uses for this trickery.

After all, Ubuntu isn’t designed for touch interfaces and small smartphone screens could be problematic, too.

Change your look

Android is the most versatile mobile OS around. Don’t believe us? Take a look at the sheer number of apps, themes and graphics that are available for customising your phone.

Numerous apps are designed to replace Android’s stock front-end or manufacturer-provided software, with tools such as LauncherPro, Home++ and HelixLauncher just three of many in the Market.

That’s just the start. Basic modifications like wallpaper changes can be livened up with animated backgrounds, and new icons can be downloaded if you don’t like the standard ones included with your home screen replacement.

Tools such as Beautiful Widgets have their own communities churning out hundreds of stylish skins for their software.

It’s also worth taking a gander at some of the home screens posted on Reddit’s Android forum: with examples such as this, this and this regularly making the rounds, it’s no surprise that Google’s OS is doing so well for itself.


Install root-only apps

Rooting your phone opens it up to a whole new world of options, not least the chance to install apps that aren’t available in the regular Market.

Plenty of these allow extra control over the behind-the-scenes operations of your phone: some provide quick booting options, others allow your system to access extra memory, and more permit developers to access and edit the SQL databases used by most standard apps.

Plenty of root apps prove themselves useful in other ways. Screenshot tools will prove invaluable if you’re used to the faff of getting screenshots from a stock Android phone, which involves installing the Android SDK and jumping through several dozen hoops.

Backup tools, Wi-Fi tethering and battery-management and conservation utilities are all commonplace, too.

Root apps tend to be on the geeky end of the spectrum, but they’re very useful.

Control your media centre

Having a smartphone means that your media collection needn’t be limited to your PC. Install an app like Gmote alongside its PC server software and you’ll see what we mean: by using Wi-Fi streaming it’ll grant access to your entire media collection.

Its slick interface makes navigating your media collection a doddle and a couple of options mean that you can choose to play files on your PC or on your phone.

It’s also possible to switch to a touchpad-style interface that allows you to take control of your PC from your touchscreen.


Open your garage door

Yes, seriously. It’s the work of one imaginative Android owner, and it’s brilliant.

Get the latest Android versions, fast

Every Android user is familiar with the seemingly endless waiting that punctuates every OS update: while Google might announce that the latest version is available, handset owners still have to twiddle their thumbs while their manufacturer and phone network tweak the software and add plenty of crapware before releasing it to paying customers.

If you’ve rooted your phone, though, then you don’t have to go through any of that hassle; instead, merely wait for an eager developer to release a ROM of the latest Android build and you’re good to go. It certainly beats waiting months for HTC to release the 2.1 update for the Hero.

Read more: The 10 best Android hacks | PC Pro blog http://www.pcpro.co.uk/blogs/2011/01/02/the-10-best-android-hacks/#ixzz1A3X8F2ag