Sometimes you may just want to get the soundtrack of a video. And you know, today most videos are available in streaming on the web. There are several ways to download those videos, depending on the service that hosts them, but there are also many websites that explains how to do that. To give an example, youtube player retrieve videos requesting an URL with parameters that include the ID of the video and a signature it got when it’s loaded. To emulate this behaviour and get yourself the video to download, you can eg. use one of the appropriate firefox plugins , rather than getting the url from one of the many websites that build it for you. Anyway, streaming videos are in .flv or .mp4 formats. If you want to get the audio from an .flv video, you just need ffmpeg, running

ffmpeg -i "video.flv" -f mp3 -vn -acodec copy "audio.mp3"

If you want to get the .mp3 audio from an .mp4 video instead, you may use faad2 and lame to just decode the .mp4 audio to .wav e reencode it to an .mp3 .

faad -o - "video.mp4" | lame - "audio.mp3"

You can get both faad2 and lame as well as ffmpeg via apt or whatever package manager you use in Linux, and via MacPorts of Fink in Mac Os X.

Having physical access to a machine, in many common cases means be able to get a root access to the installed system. This is widely known for some version of MS Windows, I don’t know much about Windows 7 right now, but here we have a video from guys at Offensive Security where windows vista is owned just booting backtrack and replacing C:\Windows\System32\Utilman.exe with cmd.exe, and weak passwords encoded to LM and NTLM hashes can be easily cracked with Ophcrack liveCD or any other live system and large rainbow tables. So people switching to linux may think their systems are more secure now, and bad guys won’t be able to access them if they leave the room for five minutes. Unfortunately that isn’t true for what concern physical access to default-like installations. When linux machines are powered on, a bootloader is launched and it do load the initrd if any and the kernel in memory, with a set of given options. Common bootloader such GRUB allow the user to choose among different entries, that may refer to different kernels or different option sets. By default, nothing prevent those entries from being edited. The following video shows how anyone with physical access to the machine can edit an entry to instruct the kernel in running a shell e.g. instead of the init daemon, without being asked for any password, and gaining this way root access to the machine. It’s also shown how to deny this kind of action, by setting up a password protection for all the entries.

Protecting grub entries anyway is just one little step to decrease risks coming from untrusted physical access. Boot from a LiveCD or external drive will give access to your filesystem easily. You can avoid this by denying the boot from CD-Roms and other devices in the BIOS settings, then setting up a password for the BIOS configuration. But BIOS configuration can be reseted at least removing the battery from the machine motherboard, and anyway someone can still extract your hard drive and mount it on another system. If you care about that, your solution may just be the encryption of your whole partitions, so that a passphrase will be required (every time) when they are mounted.

Here is the demo recorded in the context of the SSL Threat Analysis i wrote about previously.

As a form of term paper for the Computers and Networks Security class at Roma Tre University, students have been asked this year to contribute to a wiki. I obviously picked the class and I’ve been assigned to a group in charge to write a threats analysis over the SSL / TLS protocol. Since I already had a look at presentations by independent researcher Moxie Marlinspike, I wrote an hopefully detailed report of the attacks he presented at Defcon17 last August. I discussed this report few days ago and since the wiki will be probably kept private for students, i’m going to publish this relation here, that follows.

SSL / TLS

Secure Sockets Layer (SSL) and its successor Transport Layer Security TLS are cryptographic protocols that aim to provide security for data transmitted over networks.
While the SSL wording refers to the original specifications developed by Netscape Corporation , TLS is an IETF standard, last updated in rfc2546, that anyway is based on the SSL specification, explaining why the word ”SSL” is often used to indicate the actual TLS protocol.
While the protocol is widely used to secure overlaying application level insecure protocols, such as HTTP, FTP, SMTP or VoIP applications, it may be used to secure tunneling virtually any other protocol.

Read more

I have been recently asked to deliver a lesson in the base linux course LUG Roma3, which I cooperate with, is keeping at roma3 university on voluntary base.
Here are the slide I sketched out for this occasion.

I delivered a similar lesson on last edition of this course and also wrote a paper from what I presented at that time, but I think this pack is definitely better, and less boring than a long paper, so i’m removing the old post in behalf of this new one =)

I’m getting rid of drupal and i decided to give a chance to WordPress. I’ve already had some experiences with blog platforms or popular and complex CMS like Joomla , but never really looked close at wordpress, that today looks really more promising than how it seems some time ago.

Hope for the best !