The turnout was not what I expected, we were only approx. 15 participants. Considering it was planned on a Monday in working hours the only people who could attend were those who were either sent by their day job or those who could take the day off.
After a while searching for an older version of an App from the Play Store, I finally found the version I wanted and downloaded it.
In order to install it, you have to “Allow the installation from unknown sources”. So there goes the chain of trust for the app.
So how do you know:
- Where did the app came from ?
- Did someone plant Malware in it?
- Can I trust it?
These are cases for your trusted cryptographer or in the case your certificates.
Basically you need fo follow these steps:
# Dump the apk information $ANDROID_HOME/build-tools/23.0.0_rc2/aapt dump badging www.apks.org-de.hafas.android.db.apk |grep package # verify the signer jarsigner -verbose -verify www.apks.org-de.hafas.android.db.apk |less
# Verify that all files have been signed with the same key jarsigner -verbose -certs -verify www.apks.org-de.hafas.android.db.apk |less
I’ve had the DB Navigator app trying to update itself for the last 3 to 12 months, but hadn’t really put some time into figuring out why it didn’t work. If figured I was not the only one affected so they would fix it themselves someday. Since that never happens, I took some time and wrote this post.
In a nutshell the problem is that the ticket database was owned by another DB app: de.bahn.dbtickets. I uninstalled it and then could update / re-install the DB Navigator app.
How did I figure this out?, you say
- Enabled developer mode on my phone
- Connected to it and used adb logcat to see the logs
- Tried to install the app
- Found this in the logs
E/Finsky (28878):  PackageInstallerImpl.handleCommitCallback: Error -505 while installing de.hafas.android.db: INSTALL_FAILED_DUPLICATE_PERMISSION: Package de.hafas.android.db attempting to redeclare permission de.bahn.dbtickets.permission.WRITE_DB already owned by de.bahn.dbtickets
W/Finsky (28878):  3.installFailed: Install failure of de.hafas.android.db: -505 null
So the highlighted part is what told me the problem.
I just released a set of scripts that come in handing when creating clean images for virtual environment, heck you can even use it for cloud images.
What they do is:
- clear all the logs
- clean up the networking scripts, because the normally get references to the mac address in CentOS
- clean up the repository files
- in some cases create a root user
There are scripts for: CentOS 6, Debian and OpenSuse.
I’ve been working with the Havanna release of OpenStack the last couple of days and ran across a default setting that should be avoided in any deployment: using cookies as the session backend.
The source of the problems has been known at least since October 2013 in Django and other frameworks: clear-text client-side session management.
There is even OSVDB entry and Threatpost covered it in an article.
I normally try to stick to posting original content on my site, but I ran across this post today while doing some research for the Hacker High School project.
It presents a really well structured analysis of the communities that support and give life to the main Cloud Computing projects: OpenStack, CloudStack, Eucalyptus and OpenNebula. All the information was extracted from public forums and code management systems.
You can find the post here: http://t.co/qmwUUcsiHu
The first hand-held mobile phone was demonstrated by Motorola in 1973 and since 90s, mobile phones have become one of the technologies that have the biggest impact on the way we live. Cell phones or mobile phones have reached an impressive 96.2% of the world population and have penetrations rates of over 100% in developed nations. This information technology has spread faster that any other, including TV, Radio and the Internet. Can you remember how we lived before cellphones?
Fritz!Box is a series of home routers from AVM, which can do a lot. Among the features is VPN support: site-to-site and client-to-site (road warrior).
I wanted to play with the road warrior setup, because it is always practical to have a way back into a network: for privacy if on a hot spot or just to be able to access hosts on it.
Fritzbox deliverers it own Windows / Mac VPN client (FRITZ!Box VPN Connection) which works pretty good, but as a Linux user I would really enjoy native support (so I don’t have to get access through a VM, which works pretty well by the way).
After multiple failing tests and toggling all possible vpnc configuration options, which aren’t that many by the way, it was time to play: find the differences!