Mypapit Computer related circle of feeds

ComputerTechnology (65 unread)

PHP Classes: Latest entries

Mysql OO

Posted: March 16th, 2010, 3:18pm MYT

Package: Mysql OO Summary: Execute MySQL queries from lists of parameters Groups: Databases, PHP 5 Author: sarjo Description: This class can be used to execute MySQL queries from lists of parameters.

It can execute SQL SELECT, INSERT, UPDATE and DELETE queries from lists of parameters that define tables, fields, field values and condition clauses.
ABC_RSS

Posted: March 16th, 2010, 2:59pm MYT

Package: ABC_RSS Summary: Compose and generate RSS 2.0 feeds Groups: PHP 5, XML Author: Richard Lucas Description: This class can be used to compose and generate RSS 2.0 feeds.

It can compose the details of the RSS feed channel and the items it contains.

The class can generate the XML string and either store it in a file, display it in the browser as the current script output, or force the browser to download.
Linux PC ports

Posted: March 16th, 2010, 2:59pm MYT

Package: Linux PC ports Summary: Read and write data to computer I/O ports on Linux Groups: Hardware, PHP 5, Unix Author: Luis Martinez Ulloa Description: This class can be used to read and write data to computer I/O ports on Linux.

It open a given I/O and read or write arbitrary data to that port.

The current user running PHP to use this class should be root.
MySQL OO

Posted: March 16th, 2010, 2:59pm MYT

Package: MySQL OO Summary: Execute MySQL queries from lists of parameters Groups: Databases, PHP 5 Author: sarjo Description: This class can be used to execute MySQL queries from lists of parameters.

It can execute SQL SELECT, INSERT, UPDATE and DELETE queries from lists of parameters that define tables, fields, field values and condition clauses.
EU VAT Checker

Posted: March 15th, 2010, 2:24pm MYT

Package: EU VAT Checker Summary: Validate European Union VAT numbers Groups: Finances, PHP 5, Validation, Web services Author: Martin Dahl-Larsen Description: This class can be used to validate European Union VAT numbers.

It takes a VAT number issued by any European Union member and performs basic checking to see if the number can be valid.

Then the class also validate the VAT number by sending a HTTP request to a site of an European Union that checks if the given number is valid and exists.
YouTube Trailer

Posted: March 15th, 2010, 1:10pm MYT

Package: YouTube Trailer Summary: Search and embed movie trailers from YouTube Groups: PHP 5, Searching, Video, Web services Author: Nitesh Apte Description: This class can be used to search and embed movie trailers from YouTube.

It can send an HTTP request to retrieve and parse the YouTube search result pages for a trailer of a given movie.

The class extracts the identifier of the first result video and generates HTML to embed that video in a Web page.

TaoSecurity

Verizon Incident Sharing Framework

Posted: March 15th, 2010, 4:16am MYT

Earlier this month Verizon Business announced their Verizon Incident Sharing Framework (VerIS framework). This document is a means to describe digital security incidents, using four main groupings: 1. Demographics, 2. Incident Classification, 3. Discovery and Mitigation, and 4. Impact Classification.

The idea is to provide a framework that incident investigators can complete for every digital security incident. Using the output, security teams can better identify trends and make recommend improved security strategies and tactics. For example, Verizon builds their Data Breach Investigation Report using data from their incident responses as formatted using the VerIS framework.

Verizon asked me to participate on a "board" affiliated with this project, so you can expect to hear more from me. Verizon started a Zoho Forum to discuss the framework, but I think a Wiki would better facilitate collaboration and development of the document. At work we are working on our next generation incident management system, so I think the VerIS framework might help us identify information to collect on incidents.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

Table Simple

Posted: March 14th, 2010, 3:59pm MYT

Package: Table Simple Summary: Display MySQL query results in HTML tables Groups: Databases, HTTP, PHP 5 Author: César Bruschi Description: This class can be used to display MySQL query results in HTML tables.

It can execute a given MySQL SELECT query and display the results in an HTML table.

The table attributes, row colors, pagination links, custom column, etc. can be configured.
Easy file upload

Posted: March 14th, 2010, 3:59pm MYT

Package: Easy file upload Summary: Display and process forms to upload multiple files Groups: Files and Folders, HTML, PHP 5 Author: Sabin Cheruvattil Description: This class can be used to display and process forms to upload multiple files.

It can generate HTML to display one or more file upload fields in a form.

The class can also process the uploaded files by moving them to a given target directory, if they have one of the allowed file name extensions and do not exceed a given size limit.

TaoSecurity

Bejtlich Keynote at VizSec 2010

Posted: March 14th, 2010, 5:25am MYT

I am pleased to report that I've been invited to deliver the keynote at VizSec 2010 on 14 Sep in Ottawa, Ontario. I am on the Program Committee for a third year and will be evaluating papers soon. Please visit my post on calls for papers for DFRWS, VizSec, and RAID. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

Shorten url

Posted: March 13th, 2010, 3:45pm MYT

Package: Shorten url Summary: Shorten and expand URLs using different services Groups: PHP 5, Web services Author: carlos miguel guevara Description: This class can be used to shorten and expand URLs using different services.

It can send HTTP requests to the Web services API servers of different URL shortening services to perform either shortening (or expanding in the case of some of the services) of given URLs.

Currently it supports the URL shortening services: tinyurl.com, bit.ly, cli.gs, goo.gl, kl.am, is.gd, tr.im .
DS Pager

Posted: March 13th, 2010, 3:28pm MYT

Package: DS Pager Summary: Show links to browse listings split in pages Groups: HTML, PHP 5 Author: Narong Description: This class can be used to show links to browse listings split in pages.

It takes as parameters the total number of entries in the listing, the limit number of entries displayed per page and the number of the current page.

The class shows links to browse to the first, previous, next and last pages.

It can also return the total number of pages and a string with the values for the LIMIT clause of a SELECT database query.
Image uploader class

Posted: March 12th, 2010, 3:57pm MYT

Package: Image uploader class Summary: Process uploaded image files Groups: Files, HTTP, PHP 5 Author: Alaa Al-Hussein Description: This class can be used to process uploaded image files.

It can copy uploaded files to a given destination directory if the directory exists and is valid.

The class can also and crop and resize files that are images.
flexGen

Posted: March 12th, 2010, 3:42pm MYT

Package: flexGen Summary: Generate code to show MySQL results using Flex Groups: Code Generation, Flash, PHP 5 Author: thiago Description: This class can be used to generate PHP code to show MySQL results in a Flex application.

It can generate a Flex application definition for retrieving results of a MySQL query and displaying in a data grid presented using Flex.

The class can also generate the PHP code script that runs on the server side to execute and retrieve the MySQL results.
CTimer

Posted: March 11th, 2010, 3:58pm MYT

Package: CTimer Summary: Measure the time elapsed during PHP execution Groups: PHP 5, Time and Date Author: Pavel Astakhov Description: This class can be used to measure the time elapsed during PHP execution.

It can start counting time and at any time later stop and get the elapsed time since the start.
Back Propagation Scale

Posted: March 11th, 2010, 3:53pm MYT

Package: Back Propagation Scale Summary: Implement neural networks using back propagation Groups: Artificial intelligence, PHP 5 Author: freedelta Description: This class can be used to implement neural networks using back propagation.

It can setup a neural network work with a given number of layers.

The class takes a data set and a test output data set and runs the neural network using back propagation to to adjust weights based on network errors.

TaoSecurity

Bejtlich OWASP Podcast Posted

Posted: March 10th, 2010, 11:01pm MYT
My appearance on OWASP Podcast 61 is available.

The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate.

We recorded the podcast in late January. Jim asked me the following questions:
1. Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days?
2. What's the difference between focusing on threats vs focusing on vulnerabilities?
3. What is your problem with the "protect the data" mindset?
4. What do you mean by "building visibility in"?
5. What is your take on the Aurora/Google hack?
6. You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
7. How important a role do you think secure coding and secure software development life-cycle play in defending the enterprise?
8. Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
9. Is seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
10. Any thoughts on OWASP? Are we helping the cause?
11. Where are we going to be as an industry in 10 years?
12. You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high integrity database, identities or application servers - how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

Array 2 XML OO

Posted: March 10th, 2010, 3:49pm MYT

Package: Array 2 XML OO Summary: Generate a XML document from array values Groups: PHP 5, XML Author: Mustafa TURAN Description: This class can be used to generate a XML document from array values.

It traverses a given array recursively to get the values that are used to define the tags and data of the XML document.

The generated XML document is served as the current script output.
Image Processor (CSS)

Posted: March 10th, 2010, 3:45pm MYT

Package: Image Processor (CSS) Summary: Draw images defined with CSS like properties Groups: Graphics, PHP 5 Author: Tufan Baris YILDIRIM Description: This class can be used to draw images defined with CSS like properties.

It can create an empty image or open and existing image from a file.

The class can draw different types of primitives using CSS like style strings to define the parameters of those primitives.

Currently it can draw text strings, other images like watermarks, lines, rectangles, circles, ellipses, etc..

The generated image can also be cropped and resized before it is saved to a file.
Query Build Exec

Posted: March 9th, 2010, 3:59pm MYT

Package: Query Build Exec Summary: Build and execute MySQL queries from bean objects Groups: Databases, PHP 5 Author: Hussam Abd El Razek El Kurd Description: This package can be used to Build and execute MySQL database queries from bean objects.

It can take an object from a bean class and use PHP reflection to extract the object variable values in order to compose and execute SQL INSERT, UPDATE and DELETE queries on a given MySQL database.
MPO Extractor

Posted: March 9th, 2010, 3:55pm MYT

Package: MPO Extractor Summary: Extract images from Fuji MPO files Groups: Files and Folders, Graphics, PHP 5 Author: Mihai Scurtu Description: This class can be used to extract images from Fuji MPO files.

It can parse a given MPO file and extract the JPEG images that are contained in it.

The extracted images can be returned as strings, GD image resources, or be stored in other files with the same base file name as the original, but appended of the image number and the .jpg extension.

TaoSecurity

Traffic Talk 10 Posted

Posted: March 9th, 2010, 3:09am MYT

I just noticed that my tenth edition of Traffic Talk, titled Pcapr.net -- where Web 2.0 meets network packet analysis, has been posted. From the article:

Solution provider takeaway: Pcapr.net is a free packet collaboration site hosted by Mu Dynamics. Solution providers can participate in the community to exchange, analyze and gather traces for testing products or processes for their customers, including network packet analysis.

Not many networking solution providers are happy with the apparently limited number of network traces available for testing their products or processes. Hardly a day goes by on a network-focused mailing list without a participant asking, "Where can I download network traffic to test X?" Fortunately for anyone who wants to take network traffic exchange to a new level, Mu Dynamics has answered the call. Its Pcapr.net site is the self-proclaimed "Web 2.0 for packets." In this edition of Traffic Talk, we'll take a tour of Pcapr.net to see what features it offers networking solution providers, including network packet analysis.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

MySQL & Session

Posted: March 8th, 2010, 3:59pm MYT

Package: MySQL & Session Summary: Store and retrieve PHP session data in MySQL table Groups: Databases, PHP 5, User Management Author: sudhir vishwakarma Description: This class can be used to store and retrieve PHP session data in an MySQL table.

It is an handler class that provides an interface for replacing the default session storage handler.

The class stores session data in a MySQL database table named sessions.
Stream Steganography

Posted: March 8th, 2010, 3:57pm MYT

Package: Stream Steganography Summary: Store and hidden information in PNG images Groups: Cryptography Author: Pedro Vargas Description: This class can be used to store hidden and retrieve hidden information from PNG images.

It can take a given PNG image and store hidden information in it my using the least significant bits of color of the image pixels to store encoded information.

The class may also do the opposite, i.e, open a PNG image and retrieve previously stored information using the method above.
Fibonacci

Posted: March 7th, 2010, 3:55pm MYT

Package: Fibonacci Summary: Generate Fibonacci sequence numbers Groups: Math, PHP 5 Author: Artur Barseghyan Description: This class can be used to generate Fibonacci sequence numbers.

It provides an iterator interface to generate the following Fibonnaci number when retrieving the next iterator element.
Simple record set

Posted: March 7th, 2010, 3:48pm MYT

Package: Simple record set Summary: Get and show record sets with different databases Groups: Databases, HTML Author: Ronald Leon Description: This class can be used to get and show record sets with different databases.

It provides a common interface to access different types of databases and execute SQL queries, retrieve query results and display the results in paginated listings.

Currently it supports MySQL, Microsoft SQL server and PostgreSQL.

TaoSecurity

Einstein 3 Coming to a Private Network Near You?

Posted: March 7th, 2010, 11:28am MYT

In my Predictions for 2008 I wrote:

Expect greater military involvement in defending private sector networks... The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative."

Now in Feds weigh expansion of Internet monitoring we read:

Homeland Security and the National Security Agency may be taking a closer look at Internet communications in the future.

The Department of Homeland Security's top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks.

Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein "makes sense for expansion to critical infrastructure spaces" over time.

Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly "vague" because of "excessive classification." The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.

The first step towards creating Cyber NORAD is instrumentation. Stay tuned.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Making a Point with Pressure Points

Posted: March 7th, 2010, 6:06am MYT

Imagine you're a martial arts student. One day you have a guest instructor, accompanied by some of his black belts. They're experts in so-called "pressure point fighting." You've heard a little of this system, whereby practitioners can knock out adversaries with a series of precise strikes that lack the power of a brute-force approach. Until today you've had no direct experience. You may be skeptical, or maybe you believe such techniques are possible.

The seminar starts. You watch the guest instructor explain his techniques. He starts knocking out his black belts. Maybe you believe what you see, or maybe you don't. Then the instructor asks for volunteers, and several of your fellow students agree. The instructor knocks them all out, including a student you really trust to not "take a fall" to make the guest "look good." You ask the student "what happened?" and he replies "that dude knocked me out!"

Next the black belts fan out through the class to help teach pressure point techniques. They ask you if you want to get knocked out with a three-strike technique, or if you just want to feel disoriented with a two-strike technique. You decide you're a believer at this point, but you want to see what it feels like to receive a two-strike technique. Sure enough, two rapid strikes later, you're wondering what happened but are still conscious. That's all you need to believe; you're glad you're not lying on the floor, out cold!

The class ends. Several bystanders were watching through the studio's windows. Some of them are laughing. They think the whole class was fake, a joke, or stupid. Some witnesses are curious. They believe what they saw and want to know more. A few ask questions. Others mumble to themselves incoherently, probably intoxicated or mentally ill.

One of the students decides to talk to a famous yet local news reporter about his experience. This widely-read newspaper reports the story the next day, attracting a lot of attention.

With a wider audience, an extended discussion takes place about this pressure-point fighting activity.

One company conducts a Webcast and a spokesperson says "my mom used to knock me out with a frying pan when I was a kid!" He also says there's no difference between pressure-point fighting and getting punched in the face.

Another company decides to register a domain name called "pressurepointfighting.biz" and starts talking about how it works, applying what they know from Western boxing. This misses the mark but uninformed observers can't really tell the difference.

A third company jumps on the pressure point fighting bandwagon, issuing supposedly original research, inventing its own analysis, and integrating the technique into its marketing material. It turns out someone at the company had a confidential agreement with the original pressure point fighting instructor, but unilaterally decided to take a few pages out of his notebook and run to the market to make a fast buck.

A fourth company knows a lot about pressure point fighting. It writes original reporting based on its experience. Critics claim this company is just offering marketing based on the new craze.

Reaction to the news among those without direct experience is mixed, as might be expected.

Some readers are martial artists themselves. They fear being irrelevant. They are afraid their skills are not sufficient. They decide to ridicule anyone who participated in the seminar, or who has knowledge.

Some readers distrust authority. They think these techniques are just a government conspiracy to justify additional police powers. The only reason anyone is talking about such affairs is their need to get greater budgets for their oppressive police powers, man!

Some readers think the whole affair is "fear, uncertainty, and doubt" (FUD). Who could knock out a person by hitting a few pressure points? It's all a lie, or just the latest craze. It must be fake.

Some readers have been learning and practicing pressure point fighting for the last several years. They know it isn't a joke, and it is real. Also, some readers without experience realize they should learn more about pressure point fighting. That knowledge could save their lives, or the lives of those close to them. These like-minded people communicate privately, since the public arenas are now clogged with too many false discussions.

Aside from the fact that advanced persistent threat is an adversary, and not a fighting technique, this story explains the last 6 weeks of APT activity in the security industry. Not all factors are included, but enough to make my point.

Incidentally, the pressure point class is true, at least as far as the class content is described.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Keeping FreeBSD Applications Up-to-Date in BSD Magazine

Posted: March 6th, 2010, 10:22pm MYT

The March 2010 BSD Magazine includes an article I wrote titled Keeping FreeBSD Applications Up-to-Date.

It's a sequel to my article in the January 2010 BSD Magazine titled Keeping FreeBSD Up-to-Date: OS Essentials.

With these two articles published, they replace the versions I wrote in 2005.

I wrote these articles to demonstrate the variety of ways a system administrator can keep the FreeBSD operating system and applications up-to-date, with examples showing commands and effects.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

Search Files

Posted: March 6th, 2010, 3:58pm MYT

Package: Search Files Summary: Search for files in a directory Groups: Files and Folders, Searching Author: ASHFAQAHMED Description: This class can be used to search for files in a directory.

It can traverse a given directory recursively and find files that have a given name.

The class displays the path of the files that are found.
DS Create table

Posted: March 6th, 2010, 3:48pm MYT

Package: DS Create table Summary: Display an HTML table with data from an array Groups: HTML, PHP 5 Author: Narong Description: This class can be used to display an HTML table with data from an array.

It can iterate over an array of data values and generates an HTML table to display the values.
Automatic Priority Setting

Posted: March 5th, 2010, 3:48pm MYT

Package: Automatic Priority Setting Summary: Update priority records in a MySQL database table Groups: Databases, PHP 5 Author: Gautam Lohar Description: This class can update priority records in a MySQL database table.

It can execute queries for updating or deleting records in a given MySQL database table for priority entries for a given serial number identifier.
GraphML Generator

Posted: March 5th, 2010, 3:35pm MYT

Package: GraphML Generator Summary: Generate UML diagrams from PHP code using GraphML Groups: Graphics, PHP 5, Project Management Author: tucsi Description: This class can be used to generate UML diagrams from PHP code using GraphML.

It traverses a given directory to locate and parse PHP files. It scans the files for classes and their variables functions.

The class can generate UML diagrams in the GraphML format from the classes that were found.

TaoSecurity

Bejtlich Teaching at Black Hat EU and USA 2010

Posted: March 5th, 2010, 6:49am MYT
Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.

Next is Black Hat EU 2010 Training on 12-13 April 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0.

Registration is now open. Black Hat has three price points and deadlines for registration remaining.
- Regular ends 1 Apr
- Late ends 11 Apr
- Onsite starts at the conference
Finally we have Black Hat USA 2010 Training 0n 25-28 July 2010 at Caesars Palace in Las Vegas, NV. I will be teaching two sessions of TCP/IP Weapons School 2.0, one on the weekend and one during the week.

Registration is now open. Black Hat has set five price points and deadlines for registration.
- Super Early ends 15 Mar
- Early ends 1 May
- Regular ends 1 Jul
- Late ends 22 Jul
- Onsite starts at the conference
Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I plan to retire TWS2 after Vegas this year and teach TWS3 in 2011, if Black Hat invites me back.

I recently described differences between my class and SANS if that is a concern.

I look forward to seeing you. Thank you.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Bejtlich to Speak at FIRST 2010

Posted: March 5th, 2010, 6:16am MYT

I'm happy to report that I will present Building a Fortune 5 CIRT Under Fire at FIRST 2010 on 16 Jun 10 in Miami, FL. I plan to attend the majority of the conference, since it is one of the few focused on incident detection and response. I hope to see you there!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

Proxy

Posted: March 4th, 2010, 3:50pm MYT

Package: Proxy Summary: Extract lists of proxy servers from remote sites Groups: Code Generation, PHP 5, Web services Author: Petter Kjelkenes Description: This class can be used to extract lists of proxy servers from remote sites.

It goes through a list of remote sites and retrieve pages that contain lists of proxy servers.

The class parses the retrieved pages to extract the proxy server addresses.

It generates a PHP script with the details of all the proxy servers.
Apinstall

Posted: March 4th, 2010, 3:33pm MYT

Package: Apinstall Summary: Show a progress bar for a server job using AJAX Groups: AJAX, HTML, PHP 5 Author: Pawel Janisio Description: This class can be used to show a progress bar for a job running on the serve using AJAX to update the bar.

It displays a bar place holder section on the page that will be updated when the job progresses.

The class also generates Javascript that uses the jQuery library to send AJAX requests to retrieve the job progress status.

The class gets update notices from the PHP script running the server job and updates a file that is updated with job progress information. This information is served to the browser when it gets the job status AJAX request.
CouchDB Session Handler

Posted: March 3rd, 2010, 3:59pm MYT

Package: CouchDB Session Handler Summary: Session handler that stores data in CouchDB Groups: Databases, PHP 5, User Management Author: Jo Giraerts Description: This package implements a PHP session handler that that stores and retrieves session data in a CouchDB database.

The handler class implements all session management functions by sending HTTP requests to a CouchDB database.
unlimg

Posted: March 3rd, 2010, 3:53pm MYT

Package: UNLimg Summary: Generate an image based on the hash of string Groups: Cryptography, Graphics Author: Luis Henrique Description: This class can be used to generate an image based on the hash of string.

It takes a text string and computes its hash using SHA1 algorithm.

The class renders an image with filled polygons defined by the resulting hashed string.

In Portuguese:

A classe computa o hash de uma string e usa esse valor para gerar uma imagem única, semelhante ao Identicon criado por Don Park.
Report

Posted: March 2nd, 2010, 3:50pm MYT

Package: Report Summary: Show MySQL results in pages updated using AJAX Groups: Databases, HTML Author: kai Description: This class can be used to show MySQL query results in pages with browse links updated using AJAX to avoid page reloading.

It can execute a given MySQL query and display the results in an HTML table.

The table may have headers with links that sort the results when they are clicked.

The listing may also be split in multiple pages with a limited number of result rows. Pagination links are display to let the user browse other query result pages.

AJAX requests are sent to retrieve new pages of results when either the sorting or pagination links are clicked to avoid full page reloading.
Typesafe Enum

Posted: March 2nd, 2010, 3:09pm MYT

Package: Typesafe Enum Summary: Implement enumerated values as class functions Groups: Code Generation, Data types, PHP 5 Author: Fabian Schmengler Description: This class can be used to implement enumerated values as class functions.

It takes the name of a class and the list of names for enumerated values to define and generates code for a new class that defines the enumerated values.

The enumerated values can be retrieved using static function calls to the generated class.
Trigonometric tools

Posted: March 1st, 2010, 12:37pm MYT

Package: Trigonometric tools Summary: Calculate sine, cosine and tangent of angles Groups: Math, PHP 5 Author: Mohammed Cherkaoui Description: This class can be used to calculate sine, cosine and tangent of angles.

It can perform calculations compute the sine of an angle from the cosine or tangent values, or the cosine of an angle from the sine or tangent.
Link CSV

Posted: March 1st, 2010, 12:27pm MYT

Package: Link CSV Summary: Load and merge the data of two CSV files Groups: Databases, Files and Folders, Tables Author: Schubertus Hodenus Description: This class can be used to load and merge the data of two CSV files.

It can load a CSV file and return an array with the loaded data.

The class can also take the arrays of data of two previously load and link them in order to merge the rows that have the same value of two given columns of each of the CSV files.

It can also add, change and delete rows of a CSV file, as well search for values in its rows.

The comments in the code are in German.
connector

Posted: February 28th, 2010, 3:59pm MYT

Package: connector Summary: Execute MySQL prepared queries Groups: Databases, PHP 5 Author: Muralikrishna Srinivasan Description: This class can be used to execute MySQL prepared queries.

It can prepare and execute MySQL prepared queries using the MySQLi extension.

The query values and types are passed as arrays.

The query results are returned as bi-dimensional arrays.
Binary Tree Representation

Posted: February 28th, 2010, 3:43pm MYT

Package: Binary Tree Representation Summary: Display the nodes of a tree in a MySQL database Groups: Databases, HTML Author: vijay Description: This class can be used to display the nodes of a tree in a MySQL database.

It can recursively traverse the nodes of a tree stored in MySQL database table and display the node names in an HTML page.
ApPHP Calendar

Posted: February 27th, 2010, 3:59pm MYT

Package: ApPHP Calendar Summary: Display month calendars in HTML tables Groups: AJAX, HTML, PHP 5, Time and Date Author: Chara Miteo Description: This class can be used to display month calendars in HTML tables.

It can generate HTML tables that display the days of calendar months of whole years.

The class displays links that allow browsing different month calendars using AJAX to avoid page reloading.
PHP MySQL list

Posted: February 27th, 2010, 3:57pm MYT

Package: PHP MySQL list Summary: Retrieve MySQL query results into arrays Groups: Databases Author: Pravin Sonawane Description: This is a simple class that can be used to retrieve MySQL query results into arrays.

It can execute a given MySQL SELECT query and retrieves the results into an array.
MySQL-wrapper

Posted: February 26th, 2010, 3:59pm MYT

Package: MySQL-wrapper Summary: Execute MySQL queries from lists of parameters Groups: Databases, PHP 5 Author: Guvenc Acarkan Description: This class can be used to execute MySQL queries from lists of parameters.

It can execute SQL SELECT, INSERT, UPDATE and DELETE queries by passing parameters that define tables, fields, values and condition clauses.
IMDB

Posted: February 26th, 2010, 3:43pm MYT

Package: IMDB Summary: Redirect to the page of a movie in IMDB Groups: PHP 5, Web services Author: Nitesh Apte Description: This class can be used to redirect to the page of a movie in IMDB.

It sends a request to IMDB site to perform a search for a given movie.

The class parses the retrieve search results page and redirect to the page of the searched movie.
PDO wrapper

Posted: February 25th, 2010, 3:59pm MYT

Package: PDO wrapper Summary: MySQL database access wrapper using PDO Groups: Databases, PHP 5 Author: Donauweb Description: This class implements a MySQL database access wrapper using PDO.

It can establish a connection to a MySQL database server and execute SELECT prepared queries with parameters from an array, retrieve query results into arrays, execute INSERT or UPDATE queries using parameters that define the tables, fields, values and conditions.
randlib

Posted: February 25th, 2010, 3:57pm MYT

Package: randlib Summary: Generate strings with random text Groups: Text processing Author: fwhite Description: This class can be used to generate strings with random text.

It provides different functions to generate strings with random characters of a given length from a certain range of desired characters.
jQuery Helper

Posted: February 24th, 2010, 3:59pm MYT

Package: jQuery Helper Summary: Generate Javascript to call jQuery library Groups: PHP 5, Text processing, Utilities and Tools Author: Andrei Caminschi Description: This class can be used to generate Javascript to call jQuery library.

It intercepts calls to class functions that do not exist and generates a string with JavaScript code that would be used to call jQuery library functions passing the argument values passed to the class call after converting them into JavaScript Object Notation.

The class calls return the instance of the current object which can be used to also retrieve the generated JavaScript code string.
Another simple MVC

Posted: February 24th, 2010, 3:57pm MYT

Package: Another simple MVC Summary: Model view controller framework implementation Groups: Design Patterns, Libraries, PHP 5 Author: lattuada Description: This package provides a model view controller framework implementation.

It provides a database access class, a front controller class and a template processing class.

to get started edit the .htaccess and make the rewrite base fit your server
then edit /config/define.php to set your database access.

by now what you may do is: set up a nice error handler function (http://php.net/manual/en/function.set-error-handler.php) and if you need it setup a cache handler too(may record an ob_start callback, and gzencode the content you are sending to browser).
Mysql Database Class

Posted: February 23rd, 2010, 3:59pm MYT

Package: MySQL Database Class Summary: MySQL database access wrapper Groups: Databases, PHP 5 Author: Yunus Oksuz Description: This class implements a MySQL database access wrapper.

It can establish MySQL server connections, execute queries, retrieve query results as arrays, and insert rows from parameters that define the table and the database field values to set.
Visit, UniqueVisit Counter

Posted: February 23rd, 2010, 3:57pm MYT

Package: Visit, UniqueVisit Counter Summary: Keep track of site visitors in a MySQL database Groups: Databases, User Management Author: Kristian Feldsam Description: This class can be used to keep track of site visitors in a MySQL database.

It inserts records to a a MySQL table with the IP address and time of visit of the current user.

The class may also query the access table to count the number of visits, unique visitors, page views and last user access.

TaoSecurity

Information Security Jobs in GE-CIRT and Other GE Teams

Posted: February 23rd, 2010, 10:15am MYT
I'm hiring for my team (GE-CIRT) again. The following summarizes open positions:
1. Information Security Incident Handler (1145304); serious skills required
2. Information Security Incident Analyst (1147842); intermediate skills required
3. Information Security Event Analyst (1147849); extreme willingness to learn required
4. Security Assurance Team Senior Analyst (1147811); intermediate skills required
5. Security Assurance Team Analyst (1147853); extreme willingness to learn required
6. Information Security Infrastructure Engineer (1147859); serious Unix and open source system and database administration skills required
Roles 1-3 involve incident detection and response. Roles 4-5 involve threat analysis, Red-Blue teaming, and internal consulting. Role 6 supports team systems. All roles have a bias towards hiring into our beautiful Advanced Manufacturing and Software Technology System in Michigan. I already have five guys working there and expect to have at least a dozen more on our team working there by the end of the year. In some cases I have multiple jobs available. Some of these candidates will report directly to me, while others will report to my senior team leaders.

If you hope to be referred by a GE employee, be sure to have that employee follow the Company referral policy. Do not apply on your own.

If interested in joining GE-CIRT, search for the indicated job numbers at ge.com/careers. I will not answer questions until potential applicants apply to the jobs, and then I will only do so through work channels. Thank you.

In addition to the roles listed above, other security teams in GE are hiring incident analysts with the job numbers listed below.
- 1148549
- 1147886
- 1148555
- 1142824
Also, GE Research is hiring for the following positions:
- 1149708: Next Generation IT Security Program Manager
- 1149697: Infrastructure Security Leader
- 1149699: Infrastructure Security Architect
- 1149705: Information Security Incident Response Leader
- 1125694: Cyber Security Researcher
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Classes: Latest entries

K-Stopwatch

Posted: February 22nd, 2010, 3:59pm MYT

Package: K-Stopwatch Summary: Measure the time it takes to execute PHP scripts Groups: PHP 5, Time and Date Author: Klesti Hoxha Description: This class can be used to measure the time it takes to execute PHP scripts.

It can start measuring the time a script section takes to execute assigning it a name.

The class then takes the time the section ended to execute. It also supports nested script sections.
xTwitter

Posted: February 22nd, 2010, 3:27pm MYT

Package: xTwitter Summary: Retrieve information and update Twitter statuses Groups: PHP 5, Social Networking, Web services, xml Api Author: Robert Description: This class can be used to retrieve information and update statuses and the account of a Twitter user.

It can send HTTP requests to the Twitter API Web server on behalf of a given user and performs several types of operations.

Currently it can get the user statuses aggregated in several ways, update or delete statuses, get, send and delete direct messages, add, delete and verify friends, etc..
String Class

Posted: February 21st, 2010, 3:57pm MYT

Package: String Class Summary: Manipulate text strings Groups: PHP 5, Text processing Author: Elyess Zouaghi Description: This class can be used to manipulate text strings.

It performs several types of instructions to manipulate text strings like: comparing values, get the length, get parts of the string, concatenate, search text, map the case of letters, convert to number values, etc..
pserver

Posted: February 21st, 2010, 3:47pm MYT

Package: pserver Summary: Handle TCP socket server connections Groups: Networking Author: Pedro Vargas Description: This class can be used to handle TCP socket server connections.

It can listen to connection requests to a given IP address and port.

The class handles connection events like connection requests, reading the request data and send the response data, by calling functions of the class for custom processing.

Sub-classes may extend the class to implement special handling of connection events for different types of server applications. Several examples are provided to demonstrate this ability.

TaoSecurity

Reaction to Cyber Shockwave

Posted: February 21st, 2010, 12:12pm MYT
I just finished watching Cyber Shockwave, in the form of a two hour CNN rendition of the 16 February 2010 simulation organized by the Bipartisan Policy Center (BPC). The event simulated, in real time, a meeting of the US National Security Council, with former government, military, and security officials role-playing various NSC participants. The simulation was created by former CIA Director General Michael Hayden and the BPC’s National Security Preparedness Group, led by the co-chairs of the 9/11 Commission, Governor Thomas Kean and Congressman Lee Hamilton.

The fake NSC meeting was held in response to a fictitious "cyber attack" against US mobile phones, primarily caused by a malicious program called "March Madness." For more details, read the press releases here, or tune into CNN at 1 am, 8 pm, or 11 pm EST on Sunday, or 1 am EST on Monday.

In this post I'd like to capture a few thoughts.
- Others have already criticized the technical realism of this exercise. I think that is short-sighted. If you have a problem with the scenario, insert your own version of a major technical problem that affects millions of people. (Then watch others criticize it!) I agree that the participants' understanding of how mobile malware works, propagates, etc. was lacking, but that's realistic! It was important to talk about a mass incident -- any mass incident -- to get policymakers and the public thinking about this problem.
- I think the real value of the exercise was revealing the planning deficiencies when cyber events are involved. Since this exercise supposedly occurred in the future, I was disappointed to not hear mention of the National Cyber Incident Response Plan, currently in draft. More worrying, I didn't hear a single mention of FEMA or the National Response Framework. One of the laws of incident response is that the worst time to determine how to respond to an incident is during the incident!
- I was reminded that, during a crisis, time is of the essence. Unfortunately, lack of time works against all of the factors that would help craft a better policy response, such as 1) sufficient understanding of the incident; 2) realistic options for containment; 3) workable recovery methods; 4) clear attribution and location of the adversary; 5) identification of the adversary's motive; 6) support for the public's confidence and safety; and 7) preservation of the means to communicate information to the public, among other factors.
- I was disturbed but not surprised to see the tension between preserving the Constitution, individual liberties, and property rights, vs "aggressive" action which is "ratified" following Presidential order. I was impressed by the simulated Attorney General's defense of the law despite intimations by some of her colleagues that the President could pretty much do whatever he wanted.
- On a related note, it sounded like the President has much more power if an attack is determined to be an act of war, but making that determination carries its own risks. For example, don't acts of war require retaliation? If so, how will that happen? At one point the question of "kind-for-kind" retaliation was mentioned, and the simulated Secretary of Defense said Cyber Command could take action.
- Speaking of action, sufficient attribution was a hot topic. First the team learned that a server linked to the March Madness app was located in Irkutsk, in Russia. The Russian government denied involvement, even to the extent that a server in Russia was even a conduit for the event. At that point, participants wanted to know if Cyber Command could "shut down" the server in Russia, like that was important. That bothered me because it could have been irrelevant as a containment or recovery action! The team also questioned if taking action against the Russian server could be an act of war. Again the AG was helpful, framing the issue in two senses: 1) the Afghanistan scenario, where the US took action against the Taliban following the 9/11 attacks for harboring attackers, and 2) the telecom "common carrier" scenario, which essentially indemnifies carriers for the content on their pipes.
- Next intelligence sources learned a person in Sudan was involved. As you might expect, options for finding and taking hold of that person were discussed. Even the word "rendition" was mentioned! The simulated Director of National Intelligence wanted to acquire and forensically analyze any electronic equipment used by the Sudan party to scope the intrusion, determine attribution, and potentially aid with recovery. Of course this was complicated by a lack of extradition treaties with Sudan, although larger geopolitical factors were mentioned as ways to gain cooperation with the Sudanese government.
- The role of the military, particularly the National Guard, was mentioned several times. Some thought the military might need to protect critical infrastructure, while others thought the military should deploy to the streets to project force and calm the public. I could relate to this situation after living through the Beltway sniper attacks one month after I moved my family to northern VA. (Police were everywhere for weeks, even though they couldn't really protect anyone.)
- To complicate the situation, after the first hour news came of a bomb attack on two power stations, leading to or aggravating electrical grid failures on the east coast. I thought this was unnecessary. In the scenario wrap-up, the participants focused mainly on the cyber elements. I thought the exercise could have stayed focused on 100% cyber without bringing in a traditional terrorism angle.
- Some of the simulated government positions are worth mentioning specifically. For example, when asked what DHS could do, the simulated secretary said that [US-]CERT will be "overwhelmed" and will need NSA's help! DoD said there was no effect on the nation's nuclear weapons. DoJ said the President could not order people to not use their phones, and others reinforced that it would make the President look weak when people would ignore him. The Counselor to the President said to forget about attribution and instead focus on the effect of the incident in order to determine if it were an act of war. Several advisors recommended getting Congressional leaders involved to provide political cover for Presidential decisions. DHs said that the various "sector" groups were not designed to response to a crisis like this. State repeatedly cautioned against speculation, particularly regarding the Russian Army video linked to the March Madness malware app.
- A few interesting parallels appeared. I mentioned Afghanistan already. One participant likened the event to weapons of mass destruction. I could easily see this being similar to a biological or chemical weapon attack. The simulated Secretary of the Treasury invoked the financial crisis, where decision makers crafted policy on the fly, stretching their authorities and seeking new powers as the situation deteriorated in 2007-2008. President Lincoln suspending habeas corpus during the Civil War was mentioned too.
- I thought the role of the simulated Cyber Coordinator revealed the weakness of the position. Most of the other participants relied on one, two, or three forms of authority when providing advice. They 1) offered specific expertise, e.g., the AG talking about the law; and/or 2) specific news, e.g., word from the Intel Community, and/or 3) explanations of what their agencies were doing, e.g., State describing interactions with other governments. The simulated Cyber Coordinator didn't do much of those, and when he tried to apply expertise, he was wrong or wrong-headed. I cringed when he mentioned having ISPs require user PCs to be "secure" or to force them to apply patches. Just how would that happen? I could see a useful Cyber Coordinator be the person who knows the technology and its limitations, but outside of that role I have a lot of doubts.
- It should have been clear that the National Security Council couldn't really do anything to contain or recover from the malware problem, let alone understand how much the situation could deteriorate. Understanding the consequences alone would require real analysis and input from their agencies, probably in NSA or Cyber Command. Taking steps to recover would be really baffling. I think planning and exercising the National Cyber Incident Response Plan with specific scenarios would be a good answer.
- Wolf Blitzer's questions after the exercise weren't that great. You are not going to get a former government or security official to name foreign adversaries on national television. That reminded me of the briefings during the first Gulf War. Don't journalists know officials are not going to break their security clearances to answer questions like that?
So, I already see lots of comments on Twitter and elsewhere claiming Cyber Shockwave was lame or a waste of time. As you can see it raised a lot of issues that I consider very important. I'm glad BPC organized this event and that CNN televised it. At the very least people are talking about digital security.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

PHP Freaks Tutorials

Help! Fatal error: Cannot redeclare function - PHP Tutorial

Posted: February 21st, 2010, 4:01am MYT

"Fatal error: Cannot redeclare function" - Ouch. This tutorial tells you how to get around this common problem. Check if a function exists before defining a function. Mini-Tutorial

TaoSecurity

Review of Intelligence, 4th Ed Posted

Posted: February 21st, 2010, 12:07am MYT

Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall. From the review:

I was an Air Force military intelligence officer in the late 1990s. I've been working in computer security since then. I read Intelligence, 4th Ed (I4E) to determine if I could recommend this book to those who doubt or don't understand the US intelligence community (IC). I am very pleased to say that I4E is an excellent book for those with little to no intelligence experience. I also found I4E to be a great way to catch up on changes in the IC, particularly since Congress passed the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA).

I4E is a great book -- check it out!Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Offshoring Incident Response

Posted: February 20th, 2010, 10:40pm MYT
A blog reader emailed the following question.

We recently had a CISO change, and in the process of doing an initial ops review and looking at organizational structure, one of the questions the new CISO has is about the viability of offshoring incident response... I would be very interested in your views on this matter, and would appreciate any feedback you can offer.

As background, I've been involved in incident response in many different capacities: top-level military CERT, managed security services provider, fly-away consultant, government contractor, independent consultant, and top-level corporate CIRT. In other words, I've worked in insourced and outsourced environments.

I strongly advocate insourced or internal, professional incident response teams. Many technical people fixate on the technical aspects of security, as you might expect. While technical expertise is critical, it is also critical to understand the client. Depending on the size and complexity of the client, it can take an external team weeks or months to acquire the necessary understanding of the client to make a real difference. Sure, an external team can probably perform great analysis if given the right details and context. However, doing something about usually relies heavily on identifying and overcoming the various bureaucratic, cultural, financial, legal, and political challenges found in any suitable large organization. Therefore, I believe internal CIRTs are necessary for all organizations larger than a few hundred employees.

I believe it is appropriate and sometimes necessary to rely on outsourced incident response services when your organization meets one or more of these criteria during an incident.
- Your CIRT is nonexistent.
- Your CIRT is not staffed with enough people to meet the challenge at hand.
- Your CIRT is not technically equipped to meet the challenge at hand.
- Your CIRT needs help with a specific aspect of the challenge at hand.
- Your CIRT needs external assistance due to regulatory, compliance, or other legal issues.
Furthermore, when I read the term "offshoring" I get the sense that the question may involve hiring contractors who work for the organization permanently but report to their home contracting organization. In my experience any "cost savings" in such an arrangement are a figment of the accounting imagination. I recommend full-time employees be CIRT members.

Any thoughts from blog readers?Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Advice for Academic Researchers

Posted: February 20th, 2010, 9:47pm MYT

A blog and book reader emailed the following question:

I am an info sec undergrad and have been granted a scholarship to continue my studies towards a phd with the promise of DoD service at the other end. It is critical for me to research and select the most important area of security from the Defense Department's perspective.

My question to you is this: Drawing upon your knowledge, what specific area(s) of information security do you feel will be most critical in the next several years (especially in the eyes of the Dept. of Defense)?

I post this question because I'm sure blog readers will contribute interesting comments.

For my part, I'm really interested in the following: characterizing network traffic. In other words, develop tools and techniques to describe what is happening on the network. (I'm sure a few commercial vendors think they are doing this already, but nothing approaches the level that we really need.)

Without understanding what is happening, we can't decide if the activity is normal, suspicious, or malicious. Current approaches are far too primitive and limited. This work is not as "shiny" as developing a new detection algorithm, but getting back to basics is the sort of approach that could survive in a research environment.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

RantsandRamblings →

Gregarius » ComputerTechnology

Feeds

ComputerTechnology (65 unread)

Posted: March 16th, 2010, 3:18pm MYT

Posted: March 16th, 2010, 2:59pm MYT

Posted: March 16th, 2010, 2:59pm MYT

Posted: March 16th, 2010, 2:59pm MYT

Posted: March 15th, 2010, 2:24pm MYT

Posted: March 15th, 2010, 1:10pm MYT

Posted: March 15th, 2010, 4:16am MYT

Posted: March 14th, 2010, 3:59pm MYT

Posted: March 14th, 2010, 3:59pm MYT

Posted: March 14th, 2010, 5:25am MYT

Posted: March 13th, 2010, 3:45pm MYT

Posted: March 13th, 2010, 3:28pm MYT

Posted: March 12th, 2010, 3:57pm MYT

Posted: March 12th, 2010, 3:42pm MYT

Posted: March 11th, 2010, 3:58pm MYT

Posted: March 11th, 2010, 3:53pm MYT

Posted: March 10th, 2010, 11:01pm MYT

Posted: March 10th, 2010, 3:49pm MYT

Posted: March 10th, 2010, 3:45pm MYT

Posted: March 9th, 2010, 3:59pm MYT

Posted: March 9th, 2010, 3:55pm MYT

Posted: March 9th, 2010, 3:09am MYT

Posted: March 8th, 2010, 3:59pm MYT

Posted: March 8th, 2010, 3:57pm MYT

Posted: March 7th, 2010, 3:55pm MYT

Posted: March 7th, 2010, 3:48pm MYT

Posted: March 7th, 2010, 11:28am MYT

Posted: March 7th, 2010, 6:06am MYT

Posted: March 6th, 2010, 10:22pm MYT

Posted: March 6th, 2010, 3:58pm MYT

Posted: March 6th, 2010, 3:48pm MYT

Posted: March 5th, 2010, 3:48pm MYT

Posted: March 5th, 2010, 3:35pm MYT

Posted: March 5th, 2010, 6:49am MYT

Posted: March 5th, 2010, 6:16am MYT

Posted: March 4th, 2010, 3:50pm MYT

Posted: March 4th, 2010, 3:33pm MYT

Posted: March 3rd, 2010, 3:59pm MYT

Posted: March 3rd, 2010, 3:53pm MYT

Posted: March 2nd, 2010, 3:50pm MYT

Posted: March 2nd, 2010, 3:09pm MYT

Posted: March 1st, 2010, 12:37pm MYT

Posted: March 1st, 2010, 12:27pm MYT

Posted: February 28th, 2010, 3:59pm MYT

Posted: February 28th, 2010, 3:43pm MYT

Posted: February 27th, 2010, 3:59pm MYT

Posted: February 27th, 2010, 3:57pm MYT

Posted: February 26th, 2010, 3:59pm MYT

Posted: February 26th, 2010, 3:43pm MYT

Posted: February 25th, 2010, 3:59pm MYT

Posted: February 25th, 2010, 3:57pm MYT

Posted: February 24th, 2010, 3:59pm MYT

Posted: February 24th, 2010, 3:57pm MYT

Posted: February 23rd, 2010, 3:59pm MYT

Posted: February 23rd, 2010, 3:57pm MYT

Posted: February 23rd, 2010, 10:15am MYT

Posted: February 22nd, 2010, 3:59pm MYT

Posted: February 22nd, 2010, 3:27pm MYT

Posted: February 21st, 2010, 3:57pm MYT

Posted: February 21st, 2010, 3:47pm MYT

Posted: February 21st, 2010, 12:12pm MYT

Posted: February 21st, 2010, 4:01am MYT

Posted: February 21st, 2010, 12:07am MYT

Posted: February 20th, 2010, 10:40pm MYT