Installation Cupcarbon : Smart City and Internet of Things Wireless Sensor Network simulator

1.    CupCarbon is a Smart City and Internet of Things Wireless Sensor Network (SCI-WSN) simulator. Its objective is to design, visualize,debug and validate distributed algorithms for monitoring,environmental data collection, etc., and to create environmental scenarios such as fires, gas, mobiles, and generally within
educational and scientific projects. Not only it can help to visually explain the basic concepts of sensor networks and how they work; it also supports scientists to test their wireless topologies, protocols, etc.

2.   Although otherwise an easy installation,but with the Java changes effecting 16 Apr 2019 wherein the release of Oracle Java 8 update 211 / 212 – also known as Oracle’s first ‘not free for production use’ patchset,the installation instructions are little changed.

3.   This post will bring you simple set of commands executed with screenshots to run this awesome simulator CUPCARBON.The simulator is available for download at http://cupcarbon.com/download.html .

4.  Once downloaded the following commands will get you the desktop with cupcarbon running. My friend Ayaz helped me out in these.

$ sudo apt-get update

 $ sudo apt-get upgrade

 next we need to check if java is installed by checking the version by the following command :

$ java -version

If there is no java installed we need to install by typing the following :

$ sudo apt install openjdk-11-jre-headless

 Once installed check the output and we should get the following :

 Now we need to install javafx with the following command :

$ sudo apt install openjfx

 Once installed,we can query with the following command and get the expected output as seen below :
$ dpkg-query -L openjfx

/usr
/usr/share
/usr/share/doc
/usr/share/doc/openjfx
/usr/share/doc/openjfx/TODO.Debian
/usr/share/doc/openjfx/changelog.Debian.gz
/usr/share/doc/openjfx/copyright
/usr/share/openjfx
/usr/share/openjfx/lib
/usr/share/openjfx/lib/javafx.properties
/usr/share/openjfx/lib/javafx.base.jar
/usr/share/openjfx/lib/javafx.controls.jar
/usr/share/openjfx/lib/javafx.fxml.jar
/usr/share/openjfx/lib/javafx.graphics.jar
/usr/share/openjfx/lib/javafx.media.jar
/usr/share/openjfx/lib/javafx.swing.jar
/usr/share/openjfx/lib/javafx.web.jar

Now move to the location where you have downloaded the cupcarbon.jar file.Unzip the same and change the execution properties as

$ chmod +x cupcarbon.jar

Once done,we need to execute and run the carbon.jar file by defining the route and javafx

$ java --module-path /usr/share/openjfx/lib --add-modules=javafx.controls,javafx.fxml,javafx.base,javafx.media,javafx.web,javafx.swing -jar '/home/smartbuilding/Downloads/cupcarbon/CupCarbon/cupcarbon.jar'

Here in the above command you need to define and enter the path which is being used in ur PC.In my case the path is home/smartbuilding/Downloads/cupcarbon/CupCarbon/cupcarbon.jar

The above should run successfully and give you the below screen that runs the cupcarbon simulator

Thanks Ayaz bhai....for the inputs.He is available at https://ayaztechy.blogspot.com/

How to install Graylog on Ubuntu 18.04.1 LTS ?

1.    Graylog2 is a powerful log management and analysis tool that has many use cases, from monitoring SSH logins and unusual activity to debugging applications. It is based on Elasticsearch, Java, MongoDB, and Scala.The installation is not exactly to say simple since a lot of integration goes behind involving different applications including Elasticsearch, Java, MongoDB, and Scala. But in few steps and little modifications in default configuration files,the same can be run with ease.

2.   Below are terminal commands with screen shots to achieve the same running

Firstly,the system that I m installing the GRAYLOG on ..the specs are as below

 Then coming to the root terminal...from where all the commands will be executed for installation.

$ apt update && apt upgrade

 Next we install the JDK module

$ apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless

 This is followed by installing ELASTICSEARCH

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

 $ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

Next we install
 $ apt update && apt install elasticsearch

This is followed by enabling the service and starting

$   systemctl enable elasticsearch $   systemctl start elasticsearch

Amend cluster.name as graylog

 Followed by these lines at the EOF

script.inline: false

script.indexed: false

script.file: false

 

This is followed by

$ systemctl restart elasticsearch

 

Now install the key

$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5 

 Then MANGODB repository

$ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list

 Install mongodb

$ apt update && apt install mongodb-org

$   systemctl start mongod

$    systemctl enable mongod

$ wget https://packages.graylog2.org/repo/packages/graylog-2.5-repository_latest.deb
$ dpkg -i graylog-2.5-repository_latest.deb
$ apt-get update
$ apt-get install graylog-server

After installation of the Graylog package is finished, we need to edit the configuration file to set our password in it and we do it using pwgen command 

$ pwgen -N 1 -s 96

 $ echo -n your_password | sha256sum

 

We place the above generated output in the conf file as seen below : 

Assistance reference from https://www.osradar.com/how-to-install-graylog-on-ubuntu-18-04/ - Thanks

VEGA SCANNER : Powerful Open Source Web Application Vulnerability Scanner

1.   Vega is one free and open source scanner and testing platform to test the security of web applications by Subgraph, an open source security software company. Vega can help find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. 

Main Features:

    Automated Crawler and Vulnerability Scanner
    Consistent UI
    Website Crawler
    Intercepting Proxy
    SSL MITM
    Content Analysis
    Customizable alerts
    Database and Shared Data Model

2.   So to launch Vega in Kali Linux...go to Web Applications then to Web Vulnerability Scanners and select Vega. 

 Vega will flash an introduction banner and display a GUI

Vega has Scanner and Proxy tabs as u play with the interface as seen below. To use Vega as a Scanner,click on the Scanner tab , click on Scan on the top-left corner and select to start new scan

 You will see an input field asking for the target. The screen shot tested below is targeting www.thesecurityblogger.com. Choose target and click on Next:

3.   It takes time to scan but gives pretty exhaustive results and presents a summary too.

Apple Needs a Doctor : Bitten by JAVA - 2

1.    The Flashback fiasco,as discussed in brief here, was the catalyst for one of the most meaningful decisions Apple made in order to beef up OS X security ie Removing JAVA. "Flashback both led to Apple removing Java from their default installs, and prompted them to release a dedicated cleanup tool," security researcher (and former security engineer for Obama for America) Ben Hagen told Ars. "When an OS vendor releases a dedicated cleanup tool, you know things are bad.The removal of Java was a very Interesting decision and de facto statement by Apple. Java on user systems has become a notorious vector for exploitation; with new, remotely executable vulnerabilities coming out several times last year," Hagen said. "Removing Java both simplifies Apple’s position and provides a safer default state for its users."[Source : http://arstechnica.com/].

2.    Another key decision taken by apple apart from disowning JAVA was endevor to signed security model for apps ie restrict the origin of third-party apps installed on the system, therefore protecting the user from inadvertently installing apps from malicious or unknown sources.Called Gatekeeper, this feature required Apple's developer ecosystem to either sign their apps with a registered certificate—holding them at a higher level of responsibility for when things go haywire—or selling their wares through the Mac App Store and giving Apple its 30 percent cut. [Source : http://arstechnica.com/].

3.   Java is a veri popular program and is used by millions of users worldwide in Windows, Mac and Linux operating systems and in mobile and television devices. It is this popularity that has made it a favorite target of the hackers.So today when we cannot surf without enabling JAVA.....apples decision is indeed a tough step....for those of you who do not realise the importance of JAVA...just try surfing the web disabling JAVA scripts in your browser...u will be surprised you will be prompted at every step to ensure a successful loading of most of the web pages....In fact the U.S. Department of Homeland Security advised computer users to temporarily disable or uninstall Oracle Corp's Java software, stating that a serious flaw in the software could make the system vulnerable to hacking.The warning came in an advisory posted on the department’s website amid the escalating fears and warnings from the net security experts about a flaw in Java Runtime Environment (JRE) 7 and earlier versions that allows the hackers to install malicious software and malware on computers.The vulnerability is so dangerous that the Department of Homeland Security's Computer Emergency Readiness Team urged the people to stop using the software immediately to mitigate damage.Source : [http://www.ibtimes.com/]

4.   So...did u just start thinking of disabling JAVA?????

Apple Needs a Doctor : Bitten by JAVA - 1

1.   The year last ie 2012 was full of various security OS issue like it has always been over years...but one landmark news that made waves was the flashback malware that hit APPLE's Mac that has been long promoted as a safer OS amongst other peer competitors.But as always SIZE DOES MATTER..so as APPLE and market share grew, it became more proner. Dr  Web said that an estimated 600,000 Macs were as of April 2012 infected as a result of users unknowingly installing the FlashBack malware.So before I move ahead...here's a simple FAQ compiled to understand more about FLASHBACK :

What exactly is Flashback?

-  Flashback is a form of malware designed to grab passwords and other information from users 

-  Spread through Web browser and other applications such as Skype. 

-  The user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. 

-  At this point, the software installs code designed to gather personal information and send it back to remote servers. 

Apple needs a DOCTOR

When did it first appear?

-  End of September 2011

-  Pretending to be an installer for Adobe's Flash the malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. 

What has Apple done about it?

-  Apple has its own malware scanner built into OS X called XProtect. 

-  Since Flashback's launch, the security tool has been updated twice.

-  A more recent version of the malware, however, got around XProtect by executing its files through Java. 

-  Apple closed off the malware's main entry point with a Java update on April 3, and has since released a removal tool as part of a subsequent Java update.

How do I tell if I have it?

-  Right now the easiest way to tell if your computer has been infected is to head to security firm F-Secure and download its Flashback detection and removal software. 

JAVA SE DEVELOPMENT KIT NOT FOUND!!!!

1.   On way to experiment with android application with the stand SDK toolkit....i got messed up with the installation procedure so much that i thought of just leaving it..... in spite of all java installed  i got this screen.....

2.   I read all trouble shoots of on JAVA site.....some diverted me to registry editors and what not.......till i got the correct answer...simply click BACK and then NEXT again......khatam...thats the end of it.....

The Gawker case : EXPERIENCING A HACK

1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of finding out your account.Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days.Despite widespread warning, 50 per cent of people choose a common word or simple key combination for their password.The most used passwords are 123456, password, 12345678, qwerty and abc123. 

2.   I read about the Gawker case recently wherein the subject media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.Now imagine some one like Yahoo or Google requesting one fine day on a similar line....won't our heart come out????

3.   The exact Gawker announce ment goes like this 

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign thatthat failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing.The problem with Gawker’s redesign is that it uses JavaScript to load everything. That means that, not only is there no chance for the site to degrade gracefully in browsers that don’t have JavaScript enabled, the smallest JavaScript typo can crash the entire website.

5.   Now we all have seen it personally as we sometimes tend to have the same password for multiple accounts on the web.....this could be a simple fall like a pack of cards...one point failure leads to the complete fort coming down.....so guys...take care....change ur passwords for better and stronger security.....