--------------------------------------------------------------------------------------------------------------------------
RANKING ULASAN1/ULASAN2 PESERTA OS 2016-2
--------------------------------------------------------------------------------------------------------------------------
01. [U1-45] http://stephanussoekendar.blogspot.com/2016/12/ulasan-1-osv-sistem-operasi-untuk-java.html
02. [U1-04] https://psudeosudo.blogspot.co.id/2016/11/linux-sucks.html
03. [U2-31] http://awdictas.blogspot.com/2016/12/os162-review2-writing-bad-malware-for.html
04. [U2-15] http://ardifasilkom.blogspot.co.id/2016/12/ulasan-1-microduino-marketing-director.html
05. [U1-25] http://tajghinaqf.blogspot.co.id/2016/12/ulasan-1.html
06. [U1-44] http://ismailrajir.blogspot.co.id/2016/12/internet-of-things.html
07. [U2-21] http://fitriasari-os162.blogspot.co.id/2016/12/ulasan-2_9.html
08. [U2-18] http://dwitri-rizkydarmawan.blogspot.co.id/2016/12/ulasan-2.html
09. [U1-19] http://joshiarheinier.blogspot.co.id/2016/12/ulasan-1.html
10. [U2-14] http://alvinrezalugiana.blogspot.co.id/2016/12/ulasan-2-operating-system-networking.html
11. [U2-25] http://ahmadhilman-os162.blogspot.co.id/2016/12/introduction-to-practical-hacking-and.html
12. [U1-31] http://louissihombing.blogspot.co.id/2016/12/controlling-hijacking-attacks.html
13. [U1-20] http://keynekassapa13.blogspot.co.id/2016/12/review1-deadlock.html
14. [U1-27] http://luthfanrasyad.blogspot.co.id/2016/12/ulasan-1-network-convergence.html
15. [U1-34] http://ahmadhilman-os162.blogspot.co.id/2016/12/hybrid-cloud-infrastructure-introduction.html
16. [U2-26] http://rizkyaly.blogspot.co.id/2016/12/ulasan-2.html
17. [U1-26] http://alvinrezalugiana.blogspot.co.id/2016/12/operating-system-introduction-to-hacking.html
18. [U1-21] http://rizkyaly.blogspot.co.id/2016/12/the-video-that-im-reviewing-for-my-os.html
19. [U2-12] http://keynekassapa13.blogspot.co.id/2016/12/review2-io-system-and-device-drivers.html
20. [U2-23] http://louissihombing.blogspot.co.id/2016/12/threat-models.html
21. [U2-38] http://ulasan2putrireitasya.blogspot.co.id/2016/12/principle-of-operating-system.html
22. [U1-28] http://awdictas.blogspot.com/2016/12/review1-cloud-based-network-management.html
23. [U1-35] http://tugasos162.blogspot.co.id/2016/12/windows-10-your-own-creepy-stalker.html
24. [U1-42] http://andhitanurulainun.blogspot.co.id/2016/12/ulasan-1.html
25. [U2-17] http://catatanpartoba.blogspot.co.id/2016/12/ulasan-2_9.html
26. [U2-29] http://psudeosudo.blogspot.co.id/2016/12/blog-post.html
27. [U2-39] http://rahmanfathin.blogspot.co.id/2016/12/ulasan2.html
28. [U1-12] http://fascalgh.blogspot.co.id/2016/12/ulasan-1.html
29. [U2-04] http://twobunny22.blogspot.co.id/2016/12/ulasan-2-operating-system.html
30. [U2-22] http://www.kompidolar.com/2016/12/fork-dan-exec.html
--------------------------------------------------------------------------------------------------------------------------
Oleh (GITHUB) : rraihansaputra
URL BLOG RANKING : http://os162-rrrsss.blogspot.com/2016/12/ranking.html
Revisi Pertama : 2016-12-13
--------------------------------------------------------------------------------------------------------------------------
OS162-RS
Monday, December 12, 2016
Saturday, December 10, 2016
ULASAN 2
https://www.youtube.com/watch?v=_j1LWehywgc
Defcon 21 - ACL Steganography - Permissions to Hide Your Porn
Michael Perklin
44m48s
Steganography is technique to hide information/message in plain sight. The concept itself has already been around for centuries, examples of usage includes tattooing a message into someone’s scalp and let their hair regrow, then shaving their head to read the message. Other past techniques includes slipping morse signals into weaving/stitches on sweaters or tapestry. The important point of steganography that differs from encryption is to have a decoy message that is valid, thus throwing off unintended recipients to only see the decoy message instead of trying to find the hidden message inside it. In computer applications, there are several ways to use steganography, such as encoding data in pixel data that are unrecognisable to human eyes (such as #FF3300 and #FF3301), in audio files, or in program instructions that does not affect the normal operations of the program (such as the number of NOP or complementary operations such as ADD 1 and SUB 1).
The new technique of stenography that the speaker presents in this talk is called ACL Steganography. The name is derived from the medium that is used to store the files, which is the ACL or Access Control Lists of files in the NTFS filesystems. These ACLs are used to determine the permissions that are granted to the users for every file/directory. These ACLs have ACEs (Access Control Entries) which contains the user IDs and their permissions. Each ACEs have 68KB of space, with 8KB reserved for the header and 60KB used to store the user IDs. The algorithm consists of splitting the file into 60KB chunks that are encoded as user IDs to the ACE of the decoy files. The files appears unchanged when opened normally, while the hidden file can only be reconstructed by compiling the ACLs of the specific files in a certain order. While the hidden file is stored in plaintext (you can search for the contents of the files using certain tools), if you hide an encrypted volume/file, the hidden file becomes noise in which differentiating them with legit ACLs impossible.
This talk is really interesting to me because hiding files in plain sight is quite a hard problem to solve. By examining the structures that are provided by the OS/File system, one could hide data in metadata of the files itself that nobody else would thought to look in. And steganography is very important when you have to relay a message through an open channel such as the internet. Steganography is also important when you have to hide files from a peering eye such as an investigator or an adversary. These techniques could lead to saving lives or world breaking revelations in the times of increasing surveillance of the internet.
rraihansaputra
http://os162-rrrsss.blogspot.com/2016/12/ulasan-2.html
https://www.youtube.com/watch?v=_j1LWehywgc 44m48s
2016-12-10
Defcon 21 - ACL Steganography - Permissions to Hide Your Porn
Michael Perklin
44m48s
Steganography is technique to hide information/message in plain sight. The concept itself has already been around for centuries, examples of usage includes tattooing a message into someone’s scalp and let their hair regrow, then shaving their head to read the message. Other past techniques includes slipping morse signals into weaving/stitches on sweaters or tapestry. The important point of steganography that differs from encryption is to have a decoy message that is valid, thus throwing off unintended recipients to only see the decoy message instead of trying to find the hidden message inside it. In computer applications, there are several ways to use steganography, such as encoding data in pixel data that are unrecognisable to human eyes (such as #FF3300 and #FF3301), in audio files, or in program instructions that does not affect the normal operations of the program (such as the number of NOP or complementary operations such as ADD 1 and SUB 1).
The new technique of stenography that the speaker presents in this talk is called ACL Steganography. The name is derived from the medium that is used to store the files, which is the ACL or Access Control Lists of files in the NTFS filesystems. These ACLs are used to determine the permissions that are granted to the users for every file/directory. These ACLs have ACEs (Access Control Entries) which contains the user IDs and their permissions. Each ACEs have 68KB of space, with 8KB reserved for the header and 60KB used to store the user IDs. The algorithm consists of splitting the file into 60KB chunks that are encoded as user IDs to the ACE of the decoy files. The files appears unchanged when opened normally, while the hidden file can only be reconstructed by compiling the ACLs of the specific files in a certain order. While the hidden file is stored in plaintext (you can search for the contents of the files using certain tools), if you hide an encrypted volume/file, the hidden file becomes noise in which differentiating them with legit ACLs impossible.
This talk is really interesting to me because hiding files in plain sight is quite a hard problem to solve. By examining the structures that are provided by the OS/File system, one could hide data in metadata of the files itself that nobody else would thought to look in. And steganography is very important when you have to relay a message through an open channel such as the internet. Steganography is also important when you have to hide files from a peering eye such as an investigator or an adversary. These techniques could lead to saving lives or world breaking revelations in the times of increasing surveillance of the internet.
rraihansaputra
http://os162-rrrsss.blogspot.com/2016/12/ulasan-2.html
https://www.youtube.com/watch?v=_j1LWehywgc 44m48s
2016-12-10
ULASAN 1
https://www.youtube.com/watch?v=lTngMxmymX4
DEFCON: Crypto for Hackers
Eijah (demonsaw)
55m51s
This talk was given in front of DEFCON audience in the yearly conference in Las Vegas. The speaker of the talk is known as @demon_saw on twitter.
The Snowden revelations shocked the world. Most have known that intelligence government agencies have the capability to spy and gather information from the internet, but the scale and the sophistication of the data gathering done by the NSA and other agencies around the world makes the whole community think again about the way they are being tracked by the government. Not only the agency, the leaks also implicates the private corporations which cooperates with these agencies, eroding trust in a centralised system needed in the current systems of communications. The consequence of this, a world without secrets, is a scary world in which every little thing you say or do can be tracked be held against you, whether in court or by blackmail. In this increasingly hostile environment to be the aggressor, there is only one way to keep secrets and keep our freedom. Encryption enables people to talk over publicly watched channels while keeping the communications secure and undetected. While the techniques and tools for encryption (such as ciphers and softwares) have been available for a long time, its use only increased recently and only prominent in certain circles such as activists, whistleblowers, and journalists working with sensitive topics. More people need to use encryption to maintain their freedom over what they talk in private with others.
Most people are intimidated when they see the terms when they try to use encryption, such as PGP, AES, MD5 and such. It does not help too that most guides to using encryption still mostly use tools that have to be used through command line interface instead of a user-friendly GUI that can be used by anyone. Another hurdle to using encryption is the need to keep context of the variables you use when you are using them. For example, when using PGP encryption, you need to keep track of your keys and other people’s key. You need to remember where you put your own private and public keys and where you have stored other people’s public key to communicate with them. Not everybody have the time or the resources to keep up on that. Coming off of these difficulties, demon_saw has created a tool that does not rely on a central authority (that needs to check a user’s id and password) to communicate with each other, which also is very simple to use called demonsaw.
I think this talk is very important to watch, as the more recent leaks shows how prevalent is this surveillance over the internet is. Having crypto means having freedom, the freedom of not having to think about the consequence of every single thing that we talk over the internet. And the development of tools enabling the wider use of encryption is always welcome. The current trend really shows that we as a community needs to be self sufficient and not rely on centralised systems for our private and/or sensitive communications.
rraihansaputra
http://os162-rrrsss.blogspot.com/2016/12/ulasan-1.html
https://www.youtube.com/watch?v=lTngMxmymX4 55m51s
2016-12-10
DEFCON: Crypto for Hackers
Eijah (demonsaw)
55m51s
This talk was given in front of DEFCON audience in the yearly conference in Las Vegas. The speaker of the talk is known as @demon_saw on twitter.
The Snowden revelations shocked the world. Most have known that intelligence government agencies have the capability to spy and gather information from the internet, but the scale and the sophistication of the data gathering done by the NSA and other agencies around the world makes the whole community think again about the way they are being tracked by the government. Not only the agency, the leaks also implicates the private corporations which cooperates with these agencies, eroding trust in a centralised system needed in the current systems of communications. The consequence of this, a world without secrets, is a scary world in which every little thing you say or do can be tracked be held against you, whether in court or by blackmail. In this increasingly hostile environment to be the aggressor, there is only one way to keep secrets and keep our freedom. Encryption enables people to talk over publicly watched channels while keeping the communications secure and undetected. While the techniques and tools for encryption (such as ciphers and softwares) have been available for a long time, its use only increased recently and only prominent in certain circles such as activists, whistleblowers, and journalists working with sensitive topics. More people need to use encryption to maintain their freedom over what they talk in private with others.
Most people are intimidated when they see the terms when they try to use encryption, such as PGP, AES, MD5 and such. It does not help too that most guides to using encryption still mostly use tools that have to be used through command line interface instead of a user-friendly GUI that can be used by anyone. Another hurdle to using encryption is the need to keep context of the variables you use when you are using them. For example, when using PGP encryption, you need to keep track of your keys and other people’s key. You need to remember where you put your own private and public keys and where you have stored other people’s public key to communicate with them. Not everybody have the time or the resources to keep up on that. Coming off of these difficulties, demon_saw has created a tool that does not rely on a central authority (that needs to check a user’s id and password) to communicate with each other, which also is very simple to use called demonsaw.
I think this talk is very important to watch, as the more recent leaks shows how prevalent is this surveillance over the internet is. Having crypto means having freedom, the freedom of not having to think about the consequence of every single thing that we talk over the internet. And the development of tools enabling the wider use of encryption is always welcome. The current trend really shows that we as a community needs to be self sufficient and not rely on centralised systems for our private and/or sensitive communications.
rraihansaputra
http://os162-rrrsss.blogspot.com/2016/12/ulasan-1.html
https://www.youtube.com/watch?v=lTngMxmymX4 55m51s
2016-12-10
Subscribe to:
Posts (Atom)