Review on Acer Aspire 5612ZWLMi + Debian Linux

April 29, 2007

I have been with this laptop for around one and a half months.
So it is time to write a review on it.

Specification:
- CPU: Intel Core Duo T2060, clocked at 1600MHz. ( It is marketed as "Intel Pentium Dual-core processor T2060" )
- RAM: 1GB DDR2
- Harddisk: 80GB
- Display card: Intel GMA950
- CD-ROM: CD-RW + DVD-R
- Network chipset: Ethernet: Broadcom Corporation BCM4401-B0 100Base-TX; Wireless: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller
- Audio chipset: Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller
- Preloaded OS: Windows Vista Home Premium

The first thing I did was to get Vista off my laptop, since it turns a dual-core CPU into an ancient 80386…

Ok, let me save the crap for later, and comment on Linux's support for the laptop's various hardware. Just to note that my kernel version is 2.6.18, and I am using Debian GNU/Linux 4.0 ( Codename `Etch` ).

- CPU => OK
This CPU worked quite well. Just that SpeedStep wasn't set up properly by the system by default. A few modprobes solved it:
modprobe cpufreq_ondemand
modprobe speedstep_centrino
echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
echo ondemand > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor

- RAM and Harddisk => Good
Of course it works.. -_-"

- Display Card => Good
Auto-detected by default. I didn't install 915resolution, because 1024*768 is good enough for me. Beryl worked well with this chipset.

- CD-ROM => Good
Auto-detected by default. Burns CDs without trouble. ( Using k3b. )
k3b's automatic burning speed is around 10x.

- Network Chipset ( Ethernet )=> Good
Auto-detected by default. No problem till now.

- Network Chipset ( Wireless ) => OK
Auto-detected by default. But there is a transmission power problem: I am only able to access the network within 10~15 meters of the access point. ( Using Linux's native driver. )
You might also want to try the ndiswrapper driver, maybe it will work better.

- Audio Chipset => Good
Auto-detected by default. No problem till now.

- Hotkeys => Doesn’t work
The extra keys on the laptop ( those on the leftmost side and beside the power button ), which provide shortcuts to some functions ( e.g. e-mail, browser, media player ), don't work, but who cares? =)

- Preloaded OS => Worst + Lousy
echo “Windows Vista” > /dev/null ; install linux


Is it just in TJC, or are systems all over Singapore like that?

April 14, 2007

This post is regarding various security holes I see in the school's computer systems. Please note that I am not trying to hack the school's system. ( I promised Mr. Low that I won't. ) This is posted here in the hope that they will fix it. Also, I did not actively audit the system; these are just some that I came across without auditing.

Wireless system
When I first came into Temasek Junior College, I met the IT assistant/manager ( his name is Yang Le, or however it should be spelt ), and he bet me that I could not retrieve the school's wireless password. He also claimed that the password is secure, because it is long…

However, a standard WEP password must be 26 characters long, and is made up of hexadecimal digits. Therefore, his password is as strong as every other WEP password. His claim that his password is more secure is false.

Anyway, the bet was still on, so that day I spent half an hour coding a simple keylogger on my previous laptop, a Compaq Presario 1500. It took me 5 minutes to start up my computer, another 5 minutes to start up Visual Studio 2003, and another 7 minutes to create a new project. ( That laptop retired just one month ago, since it was too old. )

A keylogger was done in 10 minutes' time; abusing the GetAsyncKeyState() API is quite fun indeed. I am quite amazed that one of my classmates, S??????n, recognized that it was C++. ( Name censored for privacy. )

I keylogged him ( the IT assistant ) and obtained the wireless password, which was just what my classmates had found out from our seniors: the factory default for 3Com wireless access points.

Later, I talked to Mr. Low, the IT manager ( or whatever position he holds ). He told me that it is the factory default, not for security, but because it is troublesome to change every one of the access points in the school.

The nature of a wireless network allows every single computer on the network, or in some circumstances any computer within range of the transmitter, to receive what everyone is saying on the network, since the signal is transmitted into the air.

With this nature of wireless networks, information is easily accessible. Therefore, extra security measures need to be in place.

The e-learning portal – The MaTrix
I am quite pleased that the e-learning portal has a basic form of encryption in place to prevent the password from being transmitted as plain text. They also ensured that the password cannot be derived from what is sent across the net.

How they achieved this is described below:
1. When the login page is displayed, the server generates a seed and sends it to you.
2. When you log in, the password is hashed with a digest algorithm like MD5. Furthermore, to prevent brute-forcing MD5 with precomputed tables, the salt/seed is added to the password.
3. Together with the username and seed, the password in the form of a hash is sent to the server.
4. The server MD5s the password from the database together with the seed, then compares the result to the one received from your browser.
5. It sets the cookie if they match.

The method is quite good, but not without weakness:
1. We now know that the passwords are stored in plain text, which is not a good practice. ( Maybe not; it seemed that the password is passed through md5() twice… )
2. We don't need the password to log in. We just take the hash, username, and seed ( obtained by some means ), then send them to the server the way legitimate logins are made; the server acknowledges the login, and we are in.

To fix no. 2, the server should set a timeout for each seed.
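The challenge-response login described above, with the replay weakness and the seed-timeout fix, as an added illustration that is not the MaTrix's code. It assumes the browser computes md5(md5(password) + seed) and the server stores md5(password); the post only says the seed is "added", so the concatenation order and the double md5() are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed user table: the server keeps md5(password), following the post's
# guess that the password is "passed md5() twice" (an assumption, not confirmed).
USERS = {"student1": hashlib.md5(b"correct-horse").hexdigest()}


def client_response(password, seed):
    """What the login page computes in the browser: md5(md5(password) + seed).
    The concatenation order is an assumption; the post only says the seed is added."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + seed).encode()).hexdigest()


class Portal:
    """Challenge-response login as the post describes the MaTrix, plus the
    proposed fix: every seed is single-use and expires after SEED_TTL seconds."""
    SEED_TTL = 60

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable clock so expiry can be tested
        self.issued = {}            # seed -> time it was handed out

    def login_page(self):
        seed = secrets.token_hex(8)
        self.issued[seed] = self.clock()
        return seed

    def login(self, username, seed, response):
        issued_at = self.issued.pop(seed, None)   # pop: a seed is accepted once
        if issued_at is None or self.clock() - issued_at > self.SEED_TTL:
            return False
        stored = USERS.get(username)
        if stored is None:
            return False
        expected = hashlib.md5((stored + seed).encode()).hexdigest()
        return hmac.compare_digest(expected, response)


class UnfixedPortal(Portal):
    """The weakness in the post: the server never remembers which seeds it issued,
    so a captured (username, seed, response) tuple is accepted again at any time."""
    def login(self, username, seed, response):
        stored = USERS.get(username)
        if stored is None:
            return False
        expected = hashlib.md5((stored + seed).encode()).hexdigest()
        return hmac.compare_digest(expected, response)
```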

The Student Portal
I am quite pleased that the Student Portal is taking the same strategy as the MaTrix, MD5ing the password before it is sent over the net.

Yang Le ( Or however his name may be spelled. ) did a good job in writing the Student Portal. It is more advanced in security than the MaTrix, as it made use of the ASP Session ID properly.

I dare not say that the Student Portal is secure, but I would say that it is secure compared to the MaTrix.

There is a vulnerability in the staff/student directory page that allows arbitrary remote SQL execution. By submitting a specially crafted string as the keyword, the attacker can do anything to the database, and that includes… sadly… drop database;.

To fix it, the search page should convert special characters, such as the single quote ( ' ), colon ( : ) and semicolon ( ; ), into escaped form, e.g. \' .
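The directory search with the flaw described above beside a hardened version, as an added example that is not the Student Portal's code. Instead of escaping characters by hand as the post proposes, it uses bound query parameters, which keep the keyword out of the SQL text entirely; the table and names are constructed for the demo, and sqlite stands in for the portal's database.

```python
import sqlite3

# Constructed sample directory; not the school's data.
DIRECTORY = [
    ("Alice Tan", "Staff"),
    ("Bob O'Brien", "Student"),
    ("Carol Lim", "Student"),
]


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE directory (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO directory VALUES (?, ?)", DIRECTORY)
    return conn


def search_unsafe(conn, keyword):
    """The flaw the post describes: the keyword is pasted into the SQL text, so any
    quote in it (even a legitimate name like O'Brien) is read as SQL, not as data."""
    sql = ("SELECT name, role FROM directory WHERE name LIKE '%" + keyword
           + "%' ORDER BY name")
    return conn.execute(sql).fetchall()


def search_safe(conn, keyword):
    """Hardened form: the keyword travels as a bound parameter, so the database never
    parses it as SQL whatever it contains. LIKE's own wildcards are escaped as well,
    so '%' and '_' typed by the user match literally instead of matching everything."""
    pattern = "%" + (keyword.replace("\\", "\\\\")
                            .replace("%", "\\%")
                            .replace("_", "\\_")) + "%"
    sql = "SELECT name, role FROM directory WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return conn.execute(sql, (pattern,)).fetchall()


def unsafe_query_breaks(conn, keyword):
    """True if the concatenated query fails to parse for this keyword."""
    try:
        search_unsafe(conn, keyword)
        return False
    except sqlite3.Error:
        return True
```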

Another vulnerability in the Student Portal is that the search page does not limit the interval between your search queries. This is a potential DDoS vulnerability: probably, given the power of 2 to 3 computers, any attacker can crash the Student Portal SQL server, or even the web server if they are the same box.

To Yang Le, in case he is reading my blog: I am waiting… for a proper legal statement on the Student Portal.

After all, I have not even started. These are just some bugs that I spotted while in school. Perhaps I will start the real auditing when Mr. Low gives me permission…

————————————————————
The weird thing about my blog is that it does not have any links to others' blogs, e.g. my classmates' blogs.

My blog is going to have a link section!

Those who want to be linked, please leave a comment.

For h4xx0rs, I don't want to link your "life" blog, sorry. Technical blogs only. ( A mixed one's alright.. perhaps… )


Some info on cryptography

April 9, 2007

Erm, first of all, this blog is NOT dead; I haven't posted for quite some time because I am really busy with my school work…

It seems that many don't know how to verify files…

Many people's impression of cryptography is that you have a key that you can use to encrypt and decrypt. Like this:
“This is a message” ==> Encrypt with Key ( 561173 ) ==> “VGhpcyBpcyBhIG1lc3NhZ2U=” ==> Decrypt with the same Key ( 561173 ) ==> “This is a message”
( This is just a demo, erm… no Base64 is harmed?! )

The above type of cryptography is called symmetric cryptography, meaning that the key that is used to encrypt can also decrypt the data. With this type of cryptography, it is hard to keep the key secure. If the other side needs to decode the message, he will need the key, and if the key is sent along with the message, then whoever is eavesdropping can get the key too…

Therefore, there's a new type of cryptography… I mean, newer than symmetric cryptography, but older than most of us anyway. ( And yes, that includes YoYo too, one of the leet-est members I have ever had in DA, and he was 38 last year. )

It is called asymmetric cryptography; as the name suggests, the key to encrypt and the key to decrypt are different. Furthermore, you cannot derive one key from the other.

How is this applied? Let’s take an example:
Bob wants to send a message to Alice.
Alice generates a pair of keys. She sends the encryption key to Bob. ( The eavesdropper gets the key too… )
Bob encrypts the message with the encryption key, then sends it. ( The eavesdropper can't decrypt it, since the encryption key cannot decrypt, and the decryption key cannot be derived from the encryption key. )
Alice gets the message and decrypts it.

Let me introduce some terminology:
- Public Key is the key that you would allow everyone to know. In the case of signing files, it will be the decryption key. In the case of encrypting files, it will be the encryption key.
- Private Key, opposite of public key. No one, except you, should have it.

Also to note, most modern cryptography algorithms allow either key to be used for encryption or decryption, meaning that it is not fixed that one key can only be used for encryption or only for decryption. If you use one key to encrypt, then you need the other key to decrypt, and vice versa.
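The Alice/Bob exchange and the "vice versa" property above, worked through with textbook RSA as an added example (not code from this blog or from GPG): Bob encrypts to Alice's public key and only her private key recovers the message, then Alice signs a file's digest with her private key and anyone verifies it with her public key. The two primes are constructed and far too small for real use; the example exists only to show the two-key idea, and it needs Python 3.8+ for pow(e, -1, phi).

```python
import hashlib


def keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed, toy-sized in the demo)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)        # public key, private key


def encrypt(pub, m):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(key, c):
    # Works with either key; only the key that pairs with the one used
    # to encrypt gives the original message back.
    k, n = key
    return pow(c, k, n)


def message_digest(n, data):
    # Sign a hash of the file rather than the file itself, reduced into the key's range.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    d, n = priv
    return pow(message_digest(n, data), d, n)      # private key "encrypts" the digest


def verify(pub, data, signature):
    e, n = pub
    return pow(signature, e, n) == message_digest(n, data)   # public key undoes it


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(1000003, 1000033)    # constructed small primes
    c = encrypt(alice_pub, 424242)                      # Bob uses the public key
    print(decrypt(alice_priv, c), decrypt(alice_pub, c))  # private key recovers it, public does not
    sig = sign(alice_priv, b"release.iso contents")     # Alice signs with the private key
    print(verify(alice_pub, b"release.iso contents", sig))
```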
Ok, enough Cryptography-101… I mean enough basic stuff, let’s move on to real applications.
Cryptography software allows us to:
- Create a pair of keys
- Encrypt a file so that only the recipient can decrypt it
- Sign a file
.. etc..

The software that I propose is GNU Privacy Guard, also known as GPG. This software is compatible with PGP.
Although it is CLI software, you won't need to touch the CLI anyway… There are GUIs out there.

For Windows:
Please go to http://www.gpg4win.org/ and download the software.
Here’s a step by step on how to verify a signed file:
1. You need to import the author’s public key.
– Start GPA.
– If prompted to generate a key pair, it is up to you when you want to do it, or whether you want to do it at all.

Default Startup Scene.

Now Click Server->Retrieve Key:

Next, key in the key ID.

Then, it will tell you that it got the key. ( It requires internet access to fetch the key. )

Just to ensure nobody meddled with the key, you can verify the fingerprint:

Ok, now we are done with importing the keys.

2. Verifying the file.
– Go to the directory where the file is.
– Right click -> GPGee -> Verify/Decrypt File

– Then, it will tell you whether the signature and the file are valid, or not.

– OK, now you are done!

For more information on my public key, visit the About page.
Feel free to tell me if any of you created any key pairs, so I can add them in also.

There is also a lot of information on cryptography software like GPG out there; Google it!

====================================================================

Just some side news here:
- GMS GG rev 1000, MzBot survived it.
- Debian GNU/Linux 4.0 ( Codename `Etch` ) Released! Finally! I have been waiting for it for 5 months, and beta testing it for 3 months! ( and met no bugs… LoL! )
- Gonna help in the K Desktop Environment Project, possible areas:
+ Kig, part of the KDE Edu package. If possible, I will persuade the school to drop GSP.
+ Plasma, the shell. I got some idea for Application Launching methods….
+ Chinese i18n
But before that, I gotta brush up my Qt skills… The last time I did Qt C++ programming was… I can remember then…

That was my PSLE year… before I started fiddling with this 10-year-old online game called MapleStory, before I started writing mail spammers/flooders…