Monday, 28 September 2015

Alcatel launches Flash 2 exclusively through Lazada Philippines

Mobile photography at its finest: Alcatel launches Flash 2 exclusively through Lazada Philippines  on September 30, 12 noon

New Prime Model From Alcatel Flash Pushes the Limits In Camera and Phone.

Alcatel OneTouch Flash 2


Here's the official Press Release

MANILA, PHILIPPINES, 22 SEPTEMBER 2015 – Alcatel Flash today announced their latest prime model, the Alcatel Flash 2, with an even stronger focus on mobile photography than ever before. Fresh with their new brand color “Flash Green” signifying innovation, youth and energy, the Alcatel Flash 2 builds upon Alcatel Flash’s commitment in providing mobile users a unique mobile photography experience – mobigraphy.

“Mobigraphy is not just an action, but is now a lifestyle. We understand this from the very beginning when we created the Flash series,” Albert Wong, General Manager, Alcatel Flash. “What we have done for Alcatel Flash 2 is to continue to improve on what we already have and make it better yet at the same time continue to provide accessibility and convenience to the users to shoot their best moments.”

“The success of the Flash Plus has inspired the team to devise another smartphone with superb features and specifications at an affordable price,” Lei Zhang, Philippine Country Manager, Alcatel Flash.

Launching exclusively on September 30 at exactly 12 Noon, through the Philippines’ One-Stop Shopping and Selling Destination – Lazada; the Alcatel Flash 2 signifies the strong partnership between Alcatel and Lazada towards having the superior product quality of the Alcatel smartphones be accessible to a wider consumer base through Lazada’s strong logistical capability and robust cash-on-delivery network. With the partnership between Alcatel and Lazada, Filipinos can own the newest smartphone sensation – the Alcatel Flash 2, through the effortless and enjoyable online shopping experience that Lazada Philippines offers to its shoppers.

Improved Camera Technologies


The gSight. 13 Megapixels ƒ/2.0 rear camera provides sharper and clearer pictures. The accompanying RealTone Dual Flash gives an extra advantage in low light conditions while maintaining the colors as true as possible to real life.

For the Profie Cam front camera, Alcatel Flash 2 has the distinct LED flash, shedding light to the users’ selfies.

Design To Fit Perfectly In Your Hand


The Alcatel Flash 2 is ergonomically designed to fit perfectly in any hand. The non-slip and mark-free curved back keeps the device spotless and dirt-free at all times. Meanwhile, the balanced body gives easy access to all the functions by using just one hand.


Sweet Intuitive Android L UI Experience


Simple yet elegantly stunning. The authentic Android L UI that comes with the Alcatel Flash 2 is all about simple yet easy-to-use designs that understand human behavior. The result is an overall user-friendly navigation and experience.

Robust 64-bit Octa-core Processor. 

Built with the incredibly powerful 64-bit 8 core 1.3Ghz Cortex-A53 MT6753 Processor along with the 2GB LPDDR3 SDRAM, the Alcatel Flash 2 delivers robust performance for heavy duty usage. Users can multitask seamlessly. For peak graphic performance, the Alcatel Flash 2 comes with the Mali-T720MP4 GPU.

Pricing & Availability 

The Alcatel Flash 2 is available in Volcanic Grey and Mica White. Only the former (Volcanic Grey) will be released initially. The Philippines will be the first country to launch the device (22 September 2015) and the first to sell it (30 September 2015). The Suggested Retail Price is Php 6,190.00.

Alcatel Flash 2 will be sold exclusively in Lazada via www.lazada.com.ph/alcatel-flash-2/.


SNIPE App: Shop, Find Deals & Bargains Tinder style

SNIPE App: The first-ever location-based app that shows you deals at the product level, right in the mall you’re in, instantly Snipe is a personal shopping companion that makes shopping even more fun by letting users sift through bargains in a gamified interface.


Snipe App for Android


“Snipe is neither an online shopping app nor like any other shopping app out there today. It is a personal shopping companion that helps people quickly find and collect deals they like—all in a gamified interface. It’s like Tinder, but instead of matching people with each other, we match customers with bargains,” says Robert Suyom, Jr., one of Snipe’s creators. “Sale posters are everywhere, but we want to know what specific products are on sale. Snipe makes information available right when and where customers need it.” The app was launched on August 11, 2015 and can be downloaded for free on both the App Store and the Play Store. A user can see deals using Snipe in selected malls in Metro Manila.

With Snipe, users can shop like never before. This app brings delight and surprise to the fore of shopping. Snipe distills the feeling of stumbling upon that perfect dress or pair of shoes and makes it easier for people to have exciting encounters like this again and again.

Not only can customers save time and money with Snipe, but they can also discover bargains in a new and fun way. To help users discover deals, Snipe detects which mall the user is in and displays the deals available there, one-by-one in random order, on a digital coupon roll. The user can narrow down his search with a filter of bargain categories. (Note that Snipe displays deals only when the user is in a mall and during mall operating hours.) The randomly ordered coupons make users feel lucky when they see a deal they like, and the coupon-roll interface itself adds a tactile and visually quirky user experience. To help users save time and money, Snipe lets them swipe through bargains that would've taken users hours to sift through, as well as take advantage of the promos featured in the app.

Snipe App for iOS

How to use Snipe App:

There are just three easy steps to use Snipe [Source] :

1. Fire it up: Snipe detects your location, gathers the best of the best deals in the mall you’re in, and presents them as a roll of coupons in random order.

2. Snipe the deals you like: If you like a coupon, simply swipe it to the right. Or, in short, Snipe it! Coupons you snipe are stored in the wallet. If you don’t like a coupon, just swipe it down.
SOME IMPORTANT NOTES: A discarded coupon will be gone for the rest of the day, so swipe down with care. Also, all Sniped coupons in your wallet will be deleted every midnight.

3. Redeem: Go to your wallet and redeem the coupon by showing the generated redemption code to the store representative. Then, you can finally purchase the bargain.

Current Malls that support Snipe:

  • Alabang Town Center
  • SM Mall of Asia, Glorietta
  • Greenbelt
  • Power Plant Mall
  • SM Aura
  • Bonifacio High Street
  • SM Megamall
  • EDSA Shangri-La Plaza
  • SM North EDSA

Where to download Snipe App:

Expect more deals and malls to be covered by Snipe in the future. Snipe is a creation of the local tech startup Resonant Technology Solutions. More info about Snipe App here


Yahoo launches countdown to first ever free NFL global livestreaming

Yahoo starts the countdown to first ever free NFL global livestreaming. Yes, you read it right, free NFL global livestream content


Yahoo has recently announced via their official Tumblr website the countdown to the launch of https://nflstream.yahoo.com/, the first ever free National Football League (NFL) global livestream for all devices. This is produced by NFL and Yahoo Studios especially for the die-hard NFL fans, where they can see the latest team stats, videos and behind the scenes content. On game day, October 25, fans can tune in to watch the Buffalo Bills take on the Jacksonville Jaguars in London in whichever device they prefer – their desktop, laptop, mobile device or tablet.

Now you can take your NFL game anywhere, as long as you're connected online. Also, you'll be updated with the team stats, standings together with behind the scenes coverage and interviews. 


free NFL global livestreaming

Here is a link to the official announcement regarding this exciting new sports portal: Countdown to Kickoff: New Destination Just For NFL Fans [link]


Friday, 25 September 2015

Best Food Forward 2015: Half-a-Decade of Food Festival

 Foodie or not, this is something your tummy and taste buds will definitely look forward to. Best Food Forward is back on its 5th year, celebrating half-a-decade, combining food, camaraderie and entrepreneurship!

Best Food Forward is a benefit food fair that is celebrated every year. Best Food Forward 2015 will be held at The Rockwell Tent, Makati City on October 10-11, 2015.

Best Food Forward 2015

Time to open your taste buds and appetite to the best food servings and preparation as you fill them up with all the good treats the chefs and concessionaires can offer! Who says you have to limit and seclude yourself from tasting flavors and spices that only high-end restos can offer?

Best Food Forward benefit food fair should open doors as you explore all the great tasting food, desserts, pastries, etc.
Being a Nuffnanger has its own perks, as there's an exclusive contest going on just for its members. Nuffnangers can score free tickets to the event where they can also bring friends and/or family members.

Get your tummies and taste buds ready for #BestFoodForward 2015!


Thursday, 24 September 2015

Vanilla Cupcake Bakery: More than just a Cupcake Shop

I always have a mania on cakes, breads, cupcakes and the like.  I go and try whenever I see shops specializing on such, until I came across the Vanilla Cupcake Bakery.


Vanilla Cupcake logo
Photo from Vanilla Cupcake Bakery FB Page
At first I had no idea that such an entity existed until I chanced upon the music video of Kim Chiu’s “Mr. Right” wherein my glance was caught by the colorful pastel background. I thought the place was an interim concept made exclusively for the said music video. In other words, curiosity hit me so I searched for this Vanilla Cupcake Bakery’s locale. I figured it could just be near the grounds of ABS-CBN and I was right. It is just along Mother Ignacia. So I said to myself, “I won’t let go until I try you.”


This is at the left side of VCB’s façade. Great area for clients who smoke.

Little did I know that the following day, I would go and traverse to the said cupcake bakery because I was with my sister and her best friend. They asked me where I would want to go and eat. I told them I want to try my new conquer, that is, the Vanilla Cupcake Bakery.  They both looked at me and asked, “What’s that?”  When I told them how I got the name of the shop, they unanimously grinned back at me.  So off we go to the place of spot.

Front area and the entrance door of front area
When we arrived at the place, around 7:30 in the evening, we didn’t have trouble in the nearby parking.  That’s one point for me. You will be welcomed by a refreshing facade once you enter the place because of its homey ambiance.

A wide array of cupcakes and puddings in a jar will welcome you
More than just a space, you will never experience a disorder or clutter once you’re inside, even if the place is in full capacity.  I can say this is a great place for people who discuss business over a cup of coffee or for comrades who make up for lost times.

You will never get enough of these chilled cakes and ice cream cakes. Promise!
That night I binged on their “Croque Madame”. A delightful but different version of their ham, cheese, poached egg and sandwich put together which is smothered with yummy cheese sauce. I couldn’t ask for more. This one filled my tummy already. I partnered it with my current craze, strawberry iced tea. Wonderful!

Croque Madame

This is their Banoffee Custard served in a jar. If you want a souvenir with this trip, you may take home the jar, finished or not, free-of-charge. Cool!

Banoffee Custard
Banoffee Custard in jar



Dina Cabreros
Their wallpaper murals depict a cozy and “feel-at-home” attitude.
I really enjoyed my first-time in trying this Vanilla Cupcake Bakery. It’s like I went back to grandma’s home. I’ll get back to this place for sure, probably with my own circle of friends. A nice experience visiting Vanilla Cupcake Bakery. After all, it's more than just a cupcake shop!

This quaint space will enthrall you. More than just a throwback enigma.

Tuesday, 22 September 2015

Faraday: continuous scanning [translated from Spanish]

Introduction:

Running a security scan of your infrastructure, services or websites once a year or every 6 months is a great step towards securing your systems, but it is not enough.

On top of that, if the audit involves only one tool, the part of the attack surface we cover can be very small.

The idea of this post is to explain how to use the Faraday platform to do continuous scanning with as many of the supported auditing tools as possible.

The goal is to run a weekly or event-driven scan of a set of targets with different tools, and to get all the results in the same Faraday platform in order to detect and mitigate new issues in your infrastructure.

Manual audits are always necessary, since software still does not outperform humans, but continuous scanning with different tools can uncover more low hanging fruit and steadily improve security over time.

Preparation:

The tools we will use are:

  • w3af
  • nmap
  • nikto
  • burp
  • zap
  • nessus
  • openvas

Using a set of scripts together with different APIs, we obtain the corresponding reports from a list of IPs/websites.

Each report is then copied to $HOME/.faraday/report/[workspace_name]

Faraday takes care of converting all the reports into valuable information that users can interpret and consume.

Script:

The following script centralizes all the actions mentioned above.
./cscan.py: #runs each script inside ./scripts/network/ and ./scripts/web/

./scripts/web #directory for web tools
./scripts/network #directory for network tools
./output #temporary directory where the reports are generated
./websites.txt #list of websites to scan
./ips.txt #list of IPs/networks to scan
./plugin #libraries or plugins needed by ./scripts/
./config.py #global configuration

The following is the nmap script
./scripts/network/nmap

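#!/bin/bash
# $1 = file with the list of targets, $2 = output directory (must end with a slash)
NAME="nmap_$(date +%s).xml"

${CS_NMAP:=nmap} -iL "$1" -oX "$2$NAME"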

Very simple: it takes two parameters, the first is the target and the second is the output directory for the report. The scripts can be written in any language; the following are available:
./scripts/web/burp.sh
./scripts/web/zap.sh
./scripts/web/nikto.sh
./scripts/web/w3af.sh
./scripts/network
./scripts/network/nmap.sh
./scripts/network/openvas.sh
./scripts/network/nessus.sh

Before you start using it, review ./config.py, since it contains specific settings that may differ on your system, such as the paths of the tools, openvas credentials, etc.


Demo:

Schedule:


The last step is to configure how often this tool will be run.
This can be done simply with cron: every day at 0:00 we run the tool and move the reports to the workspace "workspace_name"

# crontab -l

0 0 * * * python /root/dev/cscan/cscan.py ; mv /root/dev/cscan/output/* /root/.faraday/report/workspace_name/

Another option is to configure these scripts with Jenkins, where different events can trigger the start of the scan; for example, every new merge runs a scan against a specific website or IP.

Faraday Web UI:

Each time a report is incorporated, it will add only the new information. Using tags we can categorize the vulnerabilities that need attention:

1) In the following image we can see a first import from Nessus:



2) In the following image we tag the vulnerabilities as false positive and vulnerable:



3) In the following image we load a second Nessus report and see the new vulnerabilities:



This continuous procedure gives a global view of the infrastructure over time.

Tool:

The code can be found on github:
http://github.com/infobyte/cscan

In the next iteration of Faraday it will be distributed within the set of tools in the directory /scripts/cscan/


Install:



* For burp it is necessary to include the bundled plugin plugin/carbonator/carbonator.py, which has some modifications to adapt it to our implementation.

A few more requirements:

* pip install python-owasp-zap-v2 w3af-api-client

To-Do:


Add more tools and improve the detection of their failures.

We look forward to your recommendations, doubts, questions and pull requests!



Faraday: continuous scanning

Introduction:

Doing a security audit for your infrastructure, web site or services whether it be annually or every six months is a great first step to better securing your systems, but in many cases it is not enough.

Adding to that, if the audit only involves one tool, the part of the attack surface we cover is unfortunately pretty small.

The idea of this post is to show how to use the Faraday platform to do continuous scanning with as many of the supported auditing tools as possible.

The goal is to run a scan every week, or on events, against a set of targets with different tools and obtain all the results on your Faraday platform. This should allow you to detect and mitigate new issues in your infrastructure.

It is always necessary to conduct regular manual security audits (at least for the time being, software is not better than people), but continuous scanning can help a company pick off a lot of the low hanging fruit and let its people concentrate on the trickier stuff.

Preparation:

We are going to use the following tools:

  • w3af
  • nmap
  • nikto
  • burp
  • zap
  • nessus
  • openvas

Using a set of scripts together with different APIs, we can obtain the corresponding reports from a list of IPs/websites.

Each report must be copied to $HOME/.faraday/report/[workspace_name]

Faraday will then convert all the reports into valuable information to be interpreted by the user.

Script:

The following script will centralize all the actions we mentioned before.
./cscan.py: #execute each script inside ./scripts/network/ and ./scripts/web/

./scripts/web #directory for web tools

./scripts/network #directory for network tools
./output #temporary directory where the reports are generated
./websites.txt #Website list 
./ips.txt #IPs/Networks list
./plugin #plugin or library necessary for ./scripts/
./config.py #global configuration

The following is the nmap script
./scripts/network/nmap


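#!/bin/bash
# $1 = file with the list of targets, $2 = output directory (must end with a slash)
NAME="nmap_$(date +%s).xml"

${CS_NMAP:=nmap} -iL "$1" -oX "$2$NAME"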

It is very simple: it takes two parameters, the first is the target and the second is the output directory for the report. The scripts can be written in any language; the following are available:
./scripts/web/burp.sh
./scripts/web/zap.sh
./scripts/web/nikto.sh
./scripts/web/w3af.sh
./scripts/network
./scripts/network/nmap.sh
./scripts/network/openvas.sh
./scripts/network/nessus.sh

Before starting to use it, review ./config.py, as it contains specific settings that may differ on your system, such as the paths of the tools, openvas/nessus credentials, etc.

Demo:

Schedule:

The last step is to configure how regularly you are going to run the tool.
A simple example would be using cron to execute the tool each day at midnight and move the reports to the workspace "workspace_name".

# crontab -l


0 0 * * * python /root/dev/cscan/cscan.py ; mv /root/dev/cscan/output/* /root/.faraday/report/workspace_name/

Another option is to configure the scripts with Jenkins, where different events can trigger the start of the scan. For example, each time a new merge / release is done, a scan of the web site or a specific IP is run.

Faraday Web UI:

Each time a report is incorporated, only the new information is added. Using tags we can categorize the vulnerabilities where it is necessary to focus our attention.

1) In the image below we can see our first import from Nessus.



2) In the second image we tagged the vulnerabilities, as a real vulnerability or a false positive.




3) Finally in the last image we loaded a second Nessus report and here we can observe the new vulnerabilities.



This continuous procedure gives a company a global view of its infrastructure over time.

Tool:

You can find the code on Github:
http://github.com/infobyte/cscan

In the next iteration of Faraday we are going to be distributing it within the tool sets in the directory $FARADAY_DIR/scripts/cscan/

Install:

* For burp it is necessary to include the plugin plugin/carbonator/carbonator.py, which has some modifications to adapt it to our implementation.

A couple more requirements:

* pip install python-owasp-zap-v2 w3af-api-client

To-Do:

To add more tools and to improve the detection of errors of the tools.

We are really looking forward to hearing your recommendations, questions and pull requests!




Saturday, 19 September 2015

iOS9 iPhone update improves battery performance using LOW POWER MODE

We just downloaded the latest iOS update for Apple mobile devices, iOS 9. It felt like the same iPhone UI, until you actually check the inside: settings and stuff.

Though we haven't really dug deep into its rich new features, one that really caught our attention is the addition of LOW POWER MODE.

Admit it or not, the battery performance of an iPhone, no matter which generation it is, is usually the topic of puns and memes. But iOS 9 begs to differ.

The low power mode option goes off in iOS 9 once it reaches an acceptable battery charge. Based on our experience, iOS 9 turns off the low power mode once it reaches 80% battery charge (still need to confirm this with Apple).

This reminds us of BB OS7.1 update that added the same feature on older Blackberry phones. Though OS X or Blackberry OS 10 is the latest, the BB OS 7.1 users still find the battery performance useful.

iOS9 updates iPhone 4s and later models. Could the iOS 9 update be the answer to iPhone users battery dilemma? 

In case you didn't know, there's already iOS 9.1. Don't forget to update!

Friday, 18 September 2015

AKG Y50 Headphones Review: Ecstatically good sounding cans

The AKG Y50 headset recently received the RedDot Award 2015 Winner. It was also hailed by What HiFi during its Product of the Year Awards 2014.

We got the chance to get our hands on one of AKG's modern headphones that received praises and good reviews from users, bloggers and trusted reviewers. Is it really worth it to have one? Read on to know what's our take on the AKG Y50 headphones during our hands-on review

picture of AKG Y50 Headphones
AKG Y50 - Black. Photo:uk.akg.com

I do not consider myself a techie person. But I do know how to appreciate things of value and worth. Let’s say, I love music, and consider it as part of my day to day life. I hear it everywhere, at store, at shops, even while in transit.  I love it, raw as it is.  Imagine, if the way you usually hear music could be elevated on a notch higher. This is by using a headset. An ordinary, inexpensive headset would do me no harm, for as long as it serves its purpose to me. But not when I tried the so-called Y50 by AKG. This headset really made me ecstatic. Imagine, having a high-end type of headset to own.



The headset is quite simple in structure, but offers gargantuan effects and features.  It is made of soft leatherette material which surrounds the inner muff of the headset that rests gently on your ears which at the same time encapsulate the sound for a vivid listening pleasure.  The headband is made of lightweight stainless steel with the same soft leatherette material encircling the middle part so it won’t stress the head for prolonged use.  The sides of the headband are adjustable with proportional grid to support the fit onto head.  The cord that goes with it is long enough to adjust to your needs specially if the headset is connected to a mobile which is in your pocket.

With that being said, simple as it looks but the sound it transmits do not diminish your listening pleasure whether you tune in to jazz, classic, pop or R&B music. It audibly displays an orchestral sound which you can determine bass from trombones to identifying drumbeats from clanking cymbals.  It could send you to the memories of yesteryears through the softness of a mellow song, will make you dance to the upbeat of rock and wave music, enjoy the rhythm and blues or it will even send you to slumber of some slow-drag songs.

The package comes with a travel pouch for carrying, user’s manual, wire with jack for your mobile phone and another bigger jack for other devices. It is housed in a neat acetate-top sturdy box. The AKG Y50 headset comes in yellow, red, teal and black colors.

The AKG Y50 is priced at PHP 4990.00 at retail. You can get a pair of AKG Y50 headphones while stocks last in all JBL Stores in Manila



Discover Brother’s latest business solutions at SIP 2015 expo in Mall of Asia

Brother International Philippines Corporation (Brother Philippines) has announced its participation at the Systems Integration Philippines (SIP) 2015, the country’s most comprehensive office and workplace solutions expo slated from August 20-22, 2015 at the SMX Convention Center, Mall of Asia Complex, Pasay City.

Brother P-Touch E100


Among the country’s leading providers of home and business IT peripherals, Brother is one of over 250 of the biggest local and international brands that will showcase their latest business products and services at the mega event.

Brother Philippines offers print and imaging solutions that are cost efficient, energy saving and eco-friendly.  Visit their booth at the expo to learn how their innovative business products and services could enable the success of your business.  

Brother P-Touch E550W


For the SIP expo, Brother will be highlighting their diverse range of Industrial P-Touch label printers, specifically the following models: PT-E100VP, PT-E300VP, PT-E550WVP, PT-9700PC and PT-9800PCN. Brother’s industrial P-Touch labellers provide practical solutions in organizing and identification in the work environment.

Brother Philippines President Glenn P. Hocson said, “Every year, the Systems Integration Philippines expo has been a venue for Brother to showcase our latest products and innovations. We hope more people will see us at our booth this year so we can educate them more on how our technologies can help their businesses become more efficient and profitable.” 

Participating brands at the expo come from the following industries: IT and telecommunications; corporate gifts and promotional products; consumer electronics and gadgets; educational and training; pro-audio, video, lighting and staging; signage and out-of-home media, and business products and services.

To learn more about Brother’s products, visit www.brother.com/ph-en/products-services; like Brother Philippines’ Facebook page; or follow @BrotherPHILS on Twitter and Instagram.


Thursday, 17 September 2015

Cross Distribution Exploit Testing: Part 2 [translated from Spanish]

Last month we published the following post together with the tool:
http://github.com/infobyte/distro_checker

One of the things that limited us in the first version is that we were working with Docker. Not all vulnerabilities could be tested with the tool, since kernel-related problems cannot be exploited because Docker is not a virtualization system; in short, it is a chroot on steroids.

We made new changes to also incorporate Vagrant; this way we can test any kind of vulnerability, since it is a complete virtualization environment.

Example:
The following command would run the id command inside the different VMs specified in the variable "distros"

./vagrant_build.py -c id

It would run that command in the following distros

distros = [
           {'name' :'centos/7',
            'url':'https://atlas.hashicorp.com/centos/7',
            'provider':'virtualbox'},

           {'name' :'ubuntu/vivid64',
            'url':'https://atlas.hashicorp.com/ubuntu/vivid64',
            'provider':'virtualbox'},

           {'name' :'ubuntu/trusty64',
            'url':'https://atlas.hashicorp.com/ubuntu/trusty64',
            'provider':'virtualbox'},
                                    
           {'name' :'debian/jessie64',
            'url':'https://atlas.hashicorp.com/debian/jessie64',
            'provider':'virtualbox'},

           {'name' :'debian/wheezy64',
            'url':'https://atlas.hashicorp.com/debian/wheezy64',
            'provider':'virtualbox'},
          ]

Demo:
In the following demo we use the exploit ofs.c for the vulnerability CVE-2015-1328 on different Ubuntu distributions:

https://atlas.hashicorp.com/sincerely/trusty64
https://atlas.hashicorp.com/puphpet/ubuntu1204-x64
https://atlas.hashicorp.com/ubuntu/trusty64

We use other repositories except for the last one, since Ubuntu updates its VM with the latest patches
This new version is available at
http://github.com/infobyte/distro_checker

Clean:
Do not forget the following commands for cleaning up

$ vagrant box list  #list of VMs in our local repository
$ vagrant box remove "vmname" #removes the specified VM
$ vagrant destroy #removes the VM from the local directory; if for any reason we cancel the execution of vagrant_build.py we recommend running this command, since a VM may have been left in your repository.

Additionally, this tool can also be used (as we are doing in our case) for cross distribution testing of Faraday's functionality, installation and setup in different environments.

I hope you find it useful!
Regards

Cross Distribution Exploit Testing: Part 2


Last month we published a post about a tool we were using:
http://github.com/infobyte/distro_checker

One of the things that limited us a bit the first time around was that we were working with Docker. Not all vulnerabilities can be tested using the first version of the tool, because kernel-related problems can't be exploited inside Docker: it is not a virtualization system, and containers share the host's kernel.

To improve upon this, we made some changes and incorporated Vagrant, which lets us try basically any vulnerability, as we now have a complete virtual environment.

Example:
The following example would execute the "id" command within the different VMs specified in the variable "distros".

./vagrant_build.py -c id

It would run this command in the following distros:

distros = [
           {'name' :'centos/7',
            'url':'https://atlas.hashicorp.com/centos/7',
            'provider':'virtualbox'},

           {'name' :'ubuntu/vivid64',
            'url':'https://atlas.hashicorp.com/ubuntu/vivid64',
            'provider':'virtualbox'},

           {'name' :'ubuntu/trusty64',
            'url':'https://atlas.hashicorp.com/ubuntu/trusty64',
            'provider':'virtualbox'},
                                    
           {'name' :'debian/jessie64',
            'url':'https://atlas.hashicorp.com/debian/jessie64',
            'provider':'virtualbox'},
           {'name' :'debian/wheezy64',
            'url':'https://atlas.hashicorp.com/debian/wheezy64',
            'provider':'virtualbox'},
          ]

Demo:
In the following demo we will use the exploit ofs.c for the vulnerability CVE-2015-1328 in different distributions of Ubuntu:

https://atlas.hashicorp.com/sincerely/trusty64
https://atlas.hashicorp.com/puphpet/ubuntu1204-x64
https://atlas.hashicorp.com/ubuntu/trusty64

We are going to use other repositories except for the last one, as Ubuntu already has the latest patches in its VM.
This new version is available at
http://github.com/infobyte/distro_checker

Clean:
After a few tests, it's important not to forget the following commands so you can clean up:

$ vagrant box list  #list of VMs in our local repository
$ vagrant box remove "vmname" #removes the specified VM
$ vagrant destroy #removes the VM from the local directory; if for some reason we cancel the execution of vagrant_build.py, we recommend running this command, as it is possible that there is still a VM in the repository.
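
The cleanup concern above (a cancelled run leaving a VM behind) can also be handled in the harness itself. The following is an added example, not code from distro_checker or vagrant_build.py: the names check_distro, run_all and real_runner are hypothetical, the distro list is a constructed subset of the one above, and each box's lifecycle is wrapped in try/finally so that `vagrant destroy -f` runs on failure or Ctrl-C as well.

```python
import subprocess
import tempfile

# Constructed subset of the "distros" list shown in the post.
DISTROS = [
    {'name': 'ubuntu/trusty64',
     'url': 'https://atlas.hashicorp.com/ubuntu/trusty64',
     'provider': 'virtualbox'},
    {'name': 'debian/jessie64',
     'url': 'https://atlas.hashicorp.com/debian/jessie64',
     'provider': 'virtualbox'},
]

def real_runner(argv, cwd):
    """Run one vagrant command in cwd; return (exit code, output)."""
    proc = subprocess.run(argv, cwd=cwd, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, universal_newlines=True)
    return proc.returncode, proc.stdout

def check_distro(distro, command, runner=real_runner):
    """Boot one box, run `command` inside it, and always destroy the VM."""
    result = {'distro': distro['name'], 'ok': False, 'output': ''}
    with tempfile.TemporaryDirectory() as workdir:
        try:
            setup = (
                ['vagrant', 'init', distro['name'], distro['url']],
                ['vagrant', 'up', '--provider=' + distro['provider']],
            )
            for argv in setup:
                code, result['output'] = runner(argv, workdir)
                if code != 0:
                    return result  # box never came up; skip the command
            code, result['output'] = runner(
                ['vagrant', 'ssh', '-c', command], workdir)
            result['ok'] = (code == 0)
            return result
        finally:
            # Reached on success, on failure and on Ctrl-C alike.
            runner(['vagrant', 'destroy', '-f'], workdir)

def run_all(command, distros=DISTROS, runner=real_runner):
    """Run `command` in every distro, one VM at a time."""
    return [check_distro(d, command, runner) for d in distros]

if __name__ == '__main__':
    for res in run_all('id'):
        print(res['distro'], 'OK' if res['ok'] else 'FAILED')
        print(res['output'])
```

Passing a different `runner` lets the sequence be checked without Vagrant installed; downloaded boxes still have to be removed with `vagrant box remove`.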


This tool can also be used (as we did in our case) for cross distribution testing of functionality, installation and setup of Faraday in different environments.

Hopefully you found this useful.
Best,

Satchmi Store Turns 1: 5 Reasons to join their first Anniversary!

Satchmi is the catchy name of the brand behind the vinyl player with a modern and lively touch. We had our very first close encounter with a Satchmi Motorino at the Astrovision store in Shangri-La Mall, along EDSA, Mandaluyong. Months passed and they already have their own store. Now it's turning 1!

Satchmi Turns 1 poster


It's been a year since the Satchmi Store opened its doors and they're celebrating it the best way they know how: with the ultimate birthday party! We're so excited for September 26, but while we wait, here are a couple of things we hear you can expect at Satchmi's Birthday Bash:

Free flowing drinks
The Satchmi Store, as most people know, is not just your ordinary record store. They also have a coffee bar situated right in the middle. Their third wave coffee has been praised and raved about by many, with beans sourced straight from the local supplier, EDSA Beverage Design Group. This time, though, not only will we get free flowing coffee for the night, but also free flowing craft beer from their friends over at CraftPoint Brewery! Coffee + Beer = the perfect way to cap off the night.

Party giveaways and prizes
Those who attend the party get a chance to win Satchmi's Motorino Mk II - Customized Limited Edition, a staple in almost all of Satchmi's events. Not only that, they've also added more giveaways from their favourite curated local brands like Sunday Paper Co, The Lost Nomad, Gouache Bags, Leather Fellow, The Green House Project, and more!

Record sales
We also hear that there might be a sale on their records (plus a special announcement about the Motorino Mk II we are absolutely dying to know!)

Lots of music and laughs
The Satchmi Store has been known for hosting intimate and fun events for music and the performing arts. You can expect some of their staples on stage: Reese & Vica, BP Valenzuela, CRWN, and up and coming artist Coeli (all we can say is you have to see her to experience her music). Adding to the birthday fun, Satchmi will also be getting Comedy Cartel's Chip Balbuena, JackTV's Kamikaze Best Comedy Act Competition winner and Laugh and Stack Standup Comedy Competition Champion, to end the night right.

Secrets and plans revealed
We also hear that there's going to be a special part of the program where Satchmi will disclose to everyone there what their plans are for next year. It's kind of ironic how this time the birthday celebrant will be doing the surprising, and we just gotta know what it is! They've been dropping a few hints here and there, but I guess we'll have to wait for the actual event to find out what Satchmi is planning for 2016.

Until then, we are inviting everyone to go to one of the most exciting birthday parties this year. Advanced Happy Birthday to the Satchmi Store and see you on September 26, 7PM!

The Satchmi Store is located at the 4F, Mega Fashion Hall, SM Megamall.
For more details, contact Satchmi at experience@satchmi.com or call them at 401 6905.

Visit their website at www.satchmi.com


Wednesday, 16 September 2015

Brother Industries Ltd. inks ‘Cooperation’ pact with PH gov’t

Japanese-owned manufacturing firm Brother Industries Ltd. recently signed an agreement with the Philippine government, whereby the company promises to cooperate with the latter in growing its business, while positively contributing to the country’s economic growth.


Cooperation pact. A ‘cooperation’ pact was signed between Brother Industries Ltd and the Philippine government, whereby the company agreed to cooperate with the latter in growing its business, while positively contributing to the country’s economic growth. In photo (L-R): Philippine Secretary of Department of Trade and Industry, Gregory L. Domingo; Director General of Philippine Economic Zone Authority (PEZA), Lilia B. De Lima; President Benigno Aquino III; Brother Industries President, Terry Koike; and Secretary to the Cabinet Office, Jose Rene Almendras.

Brother Industries President Terry Koike penned the agreement during the recent state visit of President Benigno Aquino III and key members of his Cabinet in Japan, where Koike was among the executives of Japanese manufacturing firms who met with the Philippine delegation.

Koike said, “It is important for Brother to strengthen trust relationships with the Philippine government, which provides necessary support for businesses like ours to thrive. In the same way, it is also vital for the government to generate significant jobs and revenues from industries.” 


During the meeting, Koike requested the Philippine government, also represented by Philippine Economic Zone Authority Director General Lilia B. De Lima, Department of Trade and Industry Secretary Gregory L. Domingo, and Secretary to the Cabinet Jose Rene Almendras, to further improve infrastructure and human resource skills training in the country.


More specifically, Koike emphasized the need for the Philippine government to build key infrastructures like roads and ports, and to strengthen the foundation for developing engineers specialized in mold design and automation, among other skills needed by the industry.


Pres. Aquino’s team had, in turn, assured Koike that budget allocation for improving infrastructure has been significantly increased, and that a second highway between Manila and Batangas will be built to improve access to ports.


Aquino, who was the guest of honor last August 2013 at the opening ceremony for Brother Industries’ new manufacturing plant in Batangas, also praised the company for its growth.


Two years after it started operations in the country, Brother Industries Philippines' manpower complement has grown markedly during FY2015.


Koike said, “I have been calling on all of our employees to contribute towards the company’s growth, hoping that our sales and production in the Philippines will increase steadily and that Brother can truly contribute to the Philippine society.”

