OS X Password Generator in BASH

How do I generate random passwords on the command line in the terminal? There are 2 options: install pwgen, or add a Bash function that creates a random password.

Install pwgen (use Homebrew)

$ brew install pwgen

Add the following to your ~/.bash_profile

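genpasswd() {
    # Password length: first argument, default 16
    local l=$1
    [ "$l" == "" ] && l=16
    # Keep only A-Za-z0-9_ from /dev/urandom, then take the first $l characters
    LC_ALL=C tr -dc A-Za-z0-9_ < /dev/urandom | head -c "${l}" | xargs
}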

Change Amazon RDS database timezone to non UTC

Amazon RDS is a very powerful hosted Relational Database solution. I recently came across a big annoyance with it which was not being able to set a default timezone. I had a PHP application along with several scripts talking to MySQL on Amazon RDS.

There are many solutions available around the internet, like changing the code on the application side and setting the timezone on every connection from the application. However, I wanted a server-side solution to ensure that the timezone is changed for every connection. It would have been hazardous if I failed to change the code in even one place in my applications/scripts.

Many places talked about using the CURRENT_USER() function in a stored procedure, checking if the user is not rdsadmin, and then setting the timezone for that session. However, it did not work for me. Also, I wanted to change the timezone only for certain users in my database. So, without further discussion, I will jump straight into the implementation.

I created a stored procedure named “change_time_zone” in the “mysql” database, which is the default database in a MySQL installation.

DELIMITER #
-- Set the session time zone only for the listed accounts
CREATE PROCEDURE mysql.change_time_zone ()
IF user() REGEXP '^(user1|user2|user3)' THEN
    SET SESSION time_zone = "America/New_York";
END IF #
DELIMITER ;
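
USER() returns the connecting account as name@host, and the pattern in the procedure anchors only the start of that string, so an account whose name merely begins with user1 also matches. The following is an added example, not the author's code: it compares the two patterns on constructed account strings and then recreates the procedure with the name anchored at the @ separator (user10 and the host addresses are made-up values).

```sql
-- Added example; user10 and the host addresses are constructed values.
-- Each row shows whether the account string matches the original pattern
-- and the pattern that also requires the '@' that ends the account name.
SELECT account,
       account REGEXP '^(user1|user2|user3)'  AS matches_prefix_pattern,
       account REGEXP '^(user1|user2|user3)@' AS matches_anchored_pattern
FROM (
    SELECT 'user1@10.0.0.5' AS account
    UNION ALL SELECT 'user3@10.0.0.7'
    UNION ALL SELECT 'user10@10.0.0.9'
    UNION ALL SELECT 'rdsadmin@localhost'
) AS sample_accounts;

-- Same procedure with the account name matched exactly.
DELIMITER #
DROP PROCEDURE IF EXISTS mysql.change_time_zone #
CREATE PROCEDURE mysql.change_time_zone ()
IF USER() REGEXP '^(user1|user2|user3)@' THEN
    SET SESSION time_zone = 'America/New_York';
END IF #
DELIMITER ;

-- Run as one of the listed accounts to confirm the effect on the session.
CALL mysql.change_time_zone();
SELECT USER() AS account, @@session.time_zone AS session_time_zone;
```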


Enabling slow query log on Amazon RDS

The slow query log can be used to find queries that take a long time to execute and are therefore candidates for optimization. If you want to enable the slow query log on your Amazon MySQL RDS instance, you need to be aware of 2 things:

  1. To be able to enable and disable the slow query log on the RDS instance. Make sure you disable it a few minutes after enabling it. It’s not advised to keep it enabled for long, especially on production servers.
  2. To be able to view the slow queries once you have enabled the log. As of MySQL 5.1.6, the destination of the slow query log can be a file or a table or both.

You are going to need to edit the parameter “slow_query_log” under the DB parameter group of your RDS instance. An RDS instance is usually set up with a default DB parameter group, e.g. if you are running MySQL 5.5.x, your DB parameter group would be called default.mysql5.5 and so on. I believe AWS won’t allow you to modify a default DB parameter group, so it’s best to create one of your own based on one of the default ones and use that for your DB instance. Once your RDS instance is running off your custom parameter group, you can then go ahead and start modifying parameters in it.

Until not too long ago, this could only be done via the command line. But now, this can be done via the AWS Management Console as well. You need to be in the DB Parameter Groups section in the AWS RDS Console. Find your parameter group and click on it. Then click on the ‘Edit Parameters’ button.


Once in edit mode, find the “slow_query_log” parameter. You might have to scroll down towards the bottom. Change this value to 1 if you are enabling it and 0 if you are disabling it. No other values are accepted here.
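
Once the parameter is applied, the result can be checked from a MySQL session. The queries below are an added example, not from the original post; they assume the parameter group also sets log_output to TABLE so that entries land in the mysql.slow_log table, and the 15-minute window is an arbitrary choice.

```sql
-- Added example. Confirm the parameter group change reached the instance
-- and see where slow statements are being written.
SHOW GLOBAL VARIABLES
WHERE Variable_name IN ('slow_query_log', 'long_query_time', 'log_output');

-- With log_output including TABLE, recent slow statements, worst first.
SELECT start_time, user_host, query_time, lock_time,
       rows_sent, rows_examined, db, sql_text
FROM mysql.slow_log
WHERE start_time >= NOW() - INTERVAL 15 MINUTE
ORDER BY query_time DESC
LIMIT 20;

-- Which accounts produce the slow statements. user_host is stored as
-- 'user[user] @ host [ip]', so the text before the first '[' is the account.
SELECT SUBSTRING_INDEX(user_host, '[', 1) AS account,
       COUNT(*)                           AS slow_statements,
       MAX(query_time)                    AS worst_query_time,
       SUM(rows_examined)                 AS total_rows_examined
FROM mysql.slow_log
GROUP BY account
ORDER BY slow_statements DESC;
```

sql_text stores each statement in full, literal values included, so limit who can read mysql.slow_log.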

Apple 1 sold

Apple’s first computer, called the Apple 1, sold at a Sotheby’s auction for $374,500. The Apple 1 was made in 1976 by Steve Wozniak. It was sold for $666.66 with a fully assembled circuit board.

Girls Are Girls


Hijacking airplanes with an Android phone

An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.


Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot for a year longer than that, has combined his two interests in order to bring to light the sorry state of security of aviation computer systems and communication protocols.

By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft by making virtual planes “dance to his tune.”

One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircraft equipped with the technology to receive flight, traffic and weather information about other aircraft currently in the air in their vicinity.

The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircraft and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.

Huge attack on WordPress sites could spawn never-before-seen super botnet


Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

“These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.

Engineering Student

A male engineering student was crossing a road one
day when a frog called out to him and said, “If you kiss
me, I’ll turn into a beautiful princess.” He bent over,
picked up the frog, and put it in his pocket. The frog
spoke up again and said, “If you kiss me and turn me
back into a beautiful princess, I will stay with you for
one week.” The engineering student took the frog out
of his pocket, smiled at it; and returned it to his pocket.
The frog then cried out, “If you kiss me and turn me
back into a princess, I’ll stay with you and do ANYTHING you want.”

Again the boy took the frog out,
smiled at it, and put it back into his pocket. Finally, the
frog asked, “What is the matter? I’ve told you I’m a
beautiful princess, that I’ll stay with you for a week and
do anything you want. Why won’t you kiss me?” The
boy said, “Look I’m an engineer. I don’t have time for a
girlfriend, but a talking frog is cool.”

Question

Interviewer: “If the Earth rotates 30 times faster,
what will happen?”

Candidate: “We will get our salary every day” 😀
Think Greedily
Act Confidently:


Portable And Disposable Speaker
