{0x4D 2E 20 59 2E} Blog

How to create a browsable LAMP server on Amazon EC2 instance (free tier)

This tutorial is aimed at people who needs to get a LAMP server up and running on a Amazon EC2 instance (free tier) quickly without being too bothered about optimisation.

To install a LAMP server in the quickest (and possibly the dirtiest) possible way, execute the following code:

sudo apt-get update
sudo apt-get install lamp-server^

Note: installing lamp-server^ may also install a few applications which you would not be able to use such as mysql client.

To make your web server browsable, there are two mains steps:

1) Modifying httpd.conf to map port 80 (default port for HTTP traffic) to the desired document directory
2) Configure security group permissions for your instance to allow traffic through port 80
3) Bind an elastic IP to your instance so that the instance can be browsed using a IPv4 IP (optional)

Read the rest of this entry »


How to establish connection to SQL Server from Microsoft Visual Studio

Motivated by the number of students I’ve met experiencing problem with establishing a connection to the SQL Server from Visual Studio, I’ve decided to type this summary up for anyone who has experienced similar problems. Comments are very much welcomed.

The specific versions of the softwares concerned are Microsoft SQL Server 2008 and Microsoft Visual Studio Web Developer Express 2010 but I suspect this problem could occur in other versions of Visual Studio.

Problem: Cannot find server name in drop down list (as shown below)

Setting up SQL Server Read the rest of this entry »


“OMG… Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds! on CLICK HERE TO SEE” – An exploitation of the Facebook “like” function

I came across the above title on my facebook dashboard today and anyone who is slightly security-aware would be on their edge after seeing  “CLICK HERE TO SEE” – a clear sign to lure the unknowing to click on a potentially malicious link.

A quick investigation into this found the following:

1)    Once a person clicks on the link, he/she is forwarded to a domain named shockingmcdmeal.tk or mcdshocknmeals.tk
2)    The homepage of shockingmcdmeal.tk is a FAKE Facebook fan page
3)    It also LEGALLY obtains the users’ consent in using their “like” function on Facebook:

“This website is not created or affiliated with Facebook in anyway. | Trademarks, service marks, logos, (including, without limitation, the individual names of products and retailers) are the property of their respective owners. |

By clicking anywhere on this page, you acknowledge and you are giving full consent to use the 'like' feature of Facebook to 'like' this page and one other relevant page to promote the presence of this page on Facebook.

If you do not agree with the above terms, please exit this page immediately.”


Read the rest of this entry »


Argos customers, beware!

I was reading news today and I stumbled across the news that Argos have been including in their Order Confirmation emails:

1) Customer’s full name
2) Customer’s full address
3) Customer’s full credit card number (embedded in HTML)
4) Customer’s card’s 3 digit security code (embedded in HTML)

..and yes, you guessed it, all in PLAINTEXT!

What does that mean? Well, if you’ve been reading your emails on a public Wifi LAN or your inbox has been stolen/intruded…you better check whether your card has been misused.

The security promises Argos made are as shown below (screen scraped on 07/03/2010):


Surely, if you thought it’s necessary to encrypt the transaction process then why would you be dumb enough to embed those same data in confirmation emails sent in plaintext?

Source of the flaw

The flaw was discovered by a PCPro reader when he was searching for another receipt in his email inbox using the last 4 digits of his card number. To his surprise, the order confirmation email from Argos came up and that’s when the critical flaw was found.

VeriSign confirmed the flaw and Argos claim to have apologised to that very customer but said he’s the only one who has reported the incident.

However, the story doesn’t end there. The latest news is that PCPro has found another flaw in those very same confirmation emails. The details are EMBEDDED in the URL which was supposed to direct the customer to the security page! How ironic!

WHY Argos?? (The consequence is not just in the email itself but your browser history too).

My personal experience

Luckily, I haven’t bought anything from Argos online for a very long time. However, I did manage to dig up an order confirmation email I had from Argos for an order back in 2007. I did a check in the HTML of the email and I don’t see any of the details embedded. In fact, none of the four fields of personal details I listed above were included in the confirmation email. So, what happened Argos and why?