Wednesday, September 28, 2011

seems everyone's having a facelift these days


blogger dynamic views, originally uploaded by bR!@n.

blogger just released a new layout template! a welcome change with everyone changing stuff up recently.. the magazine view seems to be my favorite so far (though i can't get my headline picture to work just yet).


blogger's dynamic views offer 7 different ways readers can view you blog. each offers a different way of exploring your page and will present readers with different features; infinite scrolling, keyboard shortcuts, lightbox viewing, sharing buttons for google+, twitter, and facebook. the views can highlight pictures or text and will open up your blog history making it easy to be explored by others.


there are still a few bugs here and there and customization is still limited, but they said they will add (and fix) more stuff in the coming weeks.


so try out some of those views right now (why not). just click on them on the upper left side of the page. ;p

Sunday, September 25, 2011

pasakalye


tayabas church, originally uploaded by bR!@n.

Mentioned in my first post here about an art first post appreciation class back in college. Well I found those pictures and posted them on flickr. Also found this thing that I wrote for the class about the trip. Totally didn't finish it. ;p


...


Alas kwatro ng madaling araw... nagising akong nanginginig sa ginaw ng umaga. Tahimik ang buong bahay. Walang maririnig kundi ang ingay ng aking mga paa. Tumalon ako pababa ng aking higaan, nag-iingat na hindi magising ng aking pagbagsak ang aking Lola na nasa ibabang kama. Nag-init ako ng tubig, naligo, at kumain ng dalawang pirasong pandesal na tira pa kahapon ng umaga... Nasanay na akong hindi kumain ng agahan bago umalis ng bahay, ngunit iba ang araw na ito... Malayo-layo din ang Quezon. Kailangang hindi gutumin sa mahabang biyahe. Maya-maya pa'y nakagayak na ako at palabas na sa pintuan, isinara at tuloy-tuloy na lumabas ng bakuran...


...

Madilim pa ng aking tinahak ang daan patungong sakayan... Ang mga bituin lamang ang nagsisilbing ilaw sa malamlam na daan. Tahimik at payapa... Marahil ay mahimbing pa'ng nagsisitulog ang mga taong maya-maya lamang ay pupuno na sa daan.
...


Sumakay ako ng dyip paluwas ng Maynila. Ipinaabot ang bayad sa katabing mamikit-mikit pa ang mga mata, bakas pa sa mukha ang antok, halatang nais pa sanang ituloy ang nabiting tulog. Ilang sandali pa ay nagsimula ng umusad ang dyip at dahan-dahang naramdaman ang ihip ng hangin sa labas... Nagsimula na ang umaga...
...


Papasikat na ang araw ng ako'y dumating sa pinagkasunduang lugar. Marami-rami na ring tao ang doo'y aking naabutan. Tulad ko, sila rin ay mga estudyante ng unibersidad. Unti-unting nagliwanag ang paligid. Isa-isang hinagkan ng init ng araw ang mga dahon ng bukang liwayway.
...


Ilang sandali pa ay dumating na ang dalawang bus na aming sasakyan. Sumakay na ang lahat at kami'y tumulak na sa aming patutunguhan...
...


Tahimik ang buong biyahe. Marahil ay dahil wala pa akong masyado kilala sa aking mga kasama. Walang masyadong mapagkwentuhan kundi ang aming natatanging dahilan ng pagsadya sa lugar na ito.
...


Ilan sandali pa ay nakarating na kami sa aming unang patutunguhan. Inilabas ko na ang aking dalang kamera at sumunod sa mga nauunang mga estudyante... Isang lumang simbahan ang bumati sa aking paningin pagbaba ng bus.
...


Tahimik akong naglakad papasok ng bakuran. hindi alintana ang mga taong kasabay sa paglalakad, tinitingnan ang buong paligid... matiyagang naghahanap ng bagay na kukunan.



...

Wednesday, September 21, 2011

android, stating the obvious


an android in the work place, originally uploaded by bR!@n.


The Android platform is quickly becoming the “Windows OS” for mobile in the sense that it is topping the list of targets for mobile malware (much like Windows is for the desktop/server world). Why are malware writers so keen to targeting this OS compared to other platforms? What can users and developers do to improve the situation?

It’s a popularity contest.

Much like in Windows, this principle has been regarded as the main driving force that malware writers are supposed to be following when selecting their target platform. The more users an OS has, the higher probability they have of a successful infection. Though there have been live attempts at multi-OS malware, history has proven (as of the moment) that the idea is too complex to be in practical use. The large population of Android users is just what the attackers are looking for; more infected devices means more profit.

Many can argue that iOS has more users, but popularity is not the only variable in the formula.

The loose Market.

The official Android Market is loosely monitored compared to its iOS counterpart. The Apple AppStore has been known to give developers a rigorous acceptance process before allowing their apps to be posted online. The Android Marketplace, shall we say, is more forgiving. Third party sites are also found everywhere in the internet giving the malware writers more places to offer their malicious apps.

Factor in to this the fact that Google has made the Android SDK open to the public. This gives any one patient enough to learn, the ability to scrutinize the platform’s inner workings and in the process identify vulnerabilities just waiting to be exploited.

The Android Market is relying heavily on end users to do their own filtering. Users are expected to read their application permissions before installing apps from the market, but to non-techie folks this is just one extra button to press “ok”. Google can do a better job of filtering these apps themselves or if this is just too much for them, at least switch those texts with simple icons informing users of the common permissions being used by the app (because pictures are just prettier to look at than letters ;p).

Rooting is acceptable.

Rooting your device has its good and bad points. A rooted device is capable of far more functions but this also compromises the OS’s security check points that protects it from malicious attacks. Apps are given higher priviledges and are allowed to do more critical tasks making it more vulnerable.

Rooting your device is now very much accepted compared to the earlier days of jailbreaking an iPhone. In fact, in most cases, it has become a necessity. The wide variety of android devices and its fast paced development has made rooting a viable option rather than purchasing a new divice just to get the latest Android release. Custom firmware that allows old devices to run updated Android versions can be seen everywhere.

...

Given the rise of mobile malware (the Android platform getting the bigger bite of the pie chart), users are advised to exercise precaution. Almost all entry vectors of these infections are user installed or are allowed by users. Mobile malware (at least for the time being) are relying heavily on social engineering to trick users into getting infected. At this point, prevention is still within the end user's powers and being critical about what gets into your device is key to ensuring that you will have less chance of getting infected.

You can get more information on Android-based threats here: http://blog.trendmicro.com/a-snapshot-of-android-threats-infographic/

Monday, September 19, 2011

explore.


Bangui Windmills, originally uploaded by bR!@n.

i'm used to finding myself in unexpected places. just seems everywhere is a weird place to be. a welcome surprise every time. i would get somewhere and look around and see how everything just beautifully fits in. then i realize, how do i belong in all of this? i would see everything as they are, perfectly in their place. and i guess i'm just there to see the pretty picture they paint. an observer, always outside looking in. no.. better an explorer, always wanting to see everything there is to see.

Friday, September 16, 2011

Malware Evolution



a piece of the puzzle #DefCon19, originally uploaded by bR!@n.

The news and discoveries under the Stuxnet attacks have practically opened the gates to a whole new generation of malware. It has shown complexity, technique, and most importantly intent that has never been observed before in the antivirus industry. It, most probably has, given birth to the term APT.

Malware History


DOS
Back in the days of DOS, computer security was as easy as keeping your computer lab doors locked. Computers played very minimal part in our lives and businesses and was seen as just a tool for crunching numbers or drafting and printing out documents. But nevertheless, this simple setting has produced the very first types of malware that we can still see today; trojans and viruses.

Trojans are programs often intended to do malicious things on your computer. Back in the day, malicious intent on a computer just means showing annoying stuff on screen providing the malware writer bragging rights for the world to see.

During these times, these machines are mostly isolated and access is limited to people around its vicinity. The virus is the first type of malware to exhibit propagation capabilities. It is a complex program that is able to attach itself to another program without destroying the host, thus the name virus. With this capability, it is able to spread to different computers without the user's knowledge. Every time the host program is executed, the virus code is executed as well, enabling it to infect other files and deliver its payload.

The DOS era has seen very few malware compared to their numbers today. Viruses, specifically, are limited simply because they are very hard to code. Creating just a single virus will take skill and dedication, not to mention the needed advance knowledge in binary file structure and operating system intricacies.


Windows, The Internet, and Electronic Mail


With the dawn of Windows came the rise in popularity of High Level Languages. Computer Science became a popular subject and the software industry became a big business. Suddenly, computers started playing bigger roles in our everyday lives and one of their major contributions was their part in improving communications.

The internet has made sharing information faster. It also brought electronic mail to the masses and with email came spam and worms. This new method of propagation by means of email has given the malware writers the ability to spread their malicious programs faster and farther, reaching thousands of computers in different parts of the world in just seconds. The number of malicious software multiplied because of the boom of Computer Science. High level programming languages are easier to learn compared to the assembly machine language and more people started coding.

More and more computers started to get connected to the internet and thus more endpoints are accessible to attackers. One other type of malware that was created to take advantage of this interconnectivity is the backdoor. Backdoors have basically one mission, to install itself in computers and give control to the malware writer. Once in control, the attacker can do anything in the system from stealing information, to accessing the local network. Given worms and backdoors, attackers now have the basic tools for hacking.


Web 2.0


As the internet grew, it became largely available to everyone and with Web2.0 (internet content by the users) more and more people started going online on a regular basis. Websites became the next big thing and scripting was put on the spotlight being the dominant programming language used on the internet.

With its popularity, websites became a major delivery vector for the modern malware. Drive-by infections and cross-site scripting were effective enough that even users just surfing the internet get infected by viewing websites. Malware delivered through these techniques came to be known as web threats.

A grey area in the malware landscape, at some point, also started to popup, giving rise to adwares and spywares. These two types of malware were initially seen to be not as harmful as the other types; adware being a script or program displaying ads on your computer and spyware being a monitoring application that sits in the background sending information to servers about your computer use habits. But eventually they were proved to be unwanted programs by users and were categorized as greyware.


Organized Cyber Crime


With all of these different types of malware coming out, people would think that the antivirus industry has already got their hands full. But things are just starting to get organized in the malware writing community. Blended threats. The bad guys suddenly decided to work together and combine these different malware techniques. We no longer see individual malware files, but multi-component malware infections. We suddenly encounter malware infections that arrive through a drive-by, propagates through the local network by a virus installing each infected computer with a backdoor, which then sends out worm emails to every person in the local address book. All of these actions hidden to the user by a rootkit component.

People started seeing profit in the malware business. It is no longer about bragging rights, but getting rich. They start to invest money, people, and skills. These efforts produced the different packers and malware kits that gave the malware community the abilility to speed up malware creation and multiply the number of malicious files exponentially. They started to mass produce much like a business factory, giving the antivirus community one big headache.


Advanced Persistent Threats


Now we are at the dawn of a new malware breed. The next stage in its evolution. After organized cyber crime, the underground malware organizations are now starting to get hired.

Before, they earn money by spreading their malware to as many computers as possible, installing backdoors, which came to be known as BotNets. They are then free to steal information from the infected machines like usernames, passwords, telephone numbers, etc. and sell them on the black market to the highest bidder.

But nowadays, they are starting to take a role more like of an assassin. Why would they take their chances in malware propagation, when money is sure when you get hired to do a single job? One task to do, one target, and they get paid. This is the concept of a targeted attack.

Now, underground organizations are honing in on this milk cow and they are continually improving on their craft, making the new generation of malware more dangerous. They have one task to accomplish. They are focused and most probably will stop at nothing until they finish the job. The name gives a clear definition to what type of malware we are dealing with today: Advanced Persistent Threats.

Advanced:

These are not your ordinary programs coded by a lonesome engineer. These bad boys are assembled components much like how big programming companies are making their software. Every component is crafted by a team with high specialization on the specific task of the component, be it a rootkit module, the propagation module, or the payload.

The "advanced" term also doesn't just pertain to the malware creation process. It can also describe the amount of research and planning involved in executing the attack. Identifying entry points, the kind of security the target has, what parts are vulnerable, etc. Everything done is for the purpose of achieving the goal. The difficulty this brings is that almost nobody knows what the end goal is until they start doing it.

Persistent:
Everything they do is for one goal. They will never stop until it is accomplished. Probably because they will not get paid otherwise, if they're the underground malware organization. If they are not doing it for money, then they will just have the same, if not more motivation. Their plan A will always have plans B and C and they will have multiple attempts at an attack as long as they know they've not been found out.

Threat:
Of course, the threat part is the actual payload. This type of malware attack will always have a harmful intent towards its target and thus will always be considered a threat.



Conclusion

With the evolution of malware threats over the years, no one could have predicted that it can go this far. The changes that were seen in their different generations are just proof that they evolve along with the advancements in computer technology. Though they differ in technique, they do have one thing in common; they will always need a target. And one observation that can be seen throughout its history is that the malware goes wherever its target's entry point is; from file infection, to email, to websites, and now even mobile devices.

As we continue to use technology in our daily lives, there will always be the risk of infection and malware files will continue to exist. It will always be there to remind us that security should not be taken lightly. They will continue to evolve and adapt, as long as they can find vulnerabilities in our technology that can be compromised.


Saturday, September 3, 2011

we were kings


on his way home..., originally uploaded by bR!@n.


2pm.. once, used to be my favorite time of day. because at that time, all the grown-ups are asleep. and the only children around are the ones that dared to sneak away from being put into bed for the afternoon nap. so i know i was in good company. the streets will be so quiet at first, but as soon as we know that they are already dreaming, the streets are ours! for the next hour or two, the world will be ruled by children.. certain type of children.. the brave ones. we will play our hearts out under the blazing heat and fear no one, because for those precious minutes the world was ours.. and then eventually people start waking up. and as soon as we smell the delicious miryendas being prepared, we start running back to our houses, being the children of our parents once again.

ten years after


4th year MIDES, originally uploaded by bR!@n.

Stumbled onto my old multiply blog and found this one to be worth reposting here.


When we were young, we thought we knew exactly what we wanted to be. During pre-school, I wanted to be a fireman. Then I grew up and realized, what the heck was I thinking? (“,)

The point is we always have our goals. Then life happens, and we loose track. We make decisions everyday that takes us closer to the person we will be. That person isn’t always the one we want… but what happens is we compromise and take what we can get. I personally think that the stage we know exactly what we want us to be, is during that last year in high school (when life was a blur and everything happens too fast).

You see, everything was even up to that point. Everybody had a fair chance. We had our whole lives ahead of us and the world was an “oyster” apparently (according to Ross, whatever that means). It was that year that we decided who we wanted to be, built our goals and started to dream. I guess I could say it was the time we decided to grow up and make our own lives.

That was a very big crossroads and everyone went their separate ways to try and chase that life. We were young optimists that faced life head on... But I guess we were too young to realize what the future really had in store for us.

Ten years after, here we are… still lost in this world, trying to find their place. I would like to think that a few of us already made it. But for those that are still adrift… well that’s life. We will eventually find our way and kick ass. But until then, the world can wait for our awesomeness some other time. ;P