Sunday, August 29, 2010

Build your own botnet with open source software

Traditionally botnet's have recked more havoc then good. By effectively controlling millions of unsuspecting user PC's, modern botnets have demonstrated the ability to manage a global infrastructure on an unimaginable scale. By applying the same techniques and approaches used in botnets within your computing environment you'll be capable of handling any demands placed on you or your infrastructure.

This how-to article will take a closer look at using common open source components to create your very own botnet for the purposes for securing, protecting, load testing and managing your global internet infrastructure.

Introduction to Botnets Good Vs Evil As in any internet technology, it can be used for good or for evil. The purpose of this article is to examine some of the positive uses of botnet technology in business applications.

Darknet Vs Botnet A darknet is a private virtual network where users connect only to people they trust.

A Botnet is a term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of computers controlled remotely.

Business Usages Moores Law describes an important trend in that the number of transistors that can be inexpensively placed on an integrated circuit is increasing exponentially, doubling approximately every two years. Almost every measure of the capabilities of digital electronic devices is linked to Moore's Law: processing speed, memory capacity, etc. All of these are improving at (roughly) exponential rates as well.

As business become more and more compute centric, the need for additional sources of compute capacity has become a critical competitive aspect in many IT focused businesses.

By applying some of the key approaches found in today's modern botnet army's; companies can build more powerful, self healing and adaptive computing environments. Some of the these applications include (but are not limited to) the following,

Cloud Computing Cloud computing is a new (circa late 2007) label for the subset of grid computing that includes utility computing and other approaches to the use of shared computing resources. Cloud computing is an alternative to having local servers or personal devices handling users' applications.

Grid Computing / Computational The creation of a "virtual supercomputer" by using spare computing resources within an organization.

Application / Website Scaling Application load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, throughput, or response time.

Load Testing Load testing is the process of creating demand on a system or device and measuring its response.

Fault Tolerance Fault-tolerance or graceful degradation is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.

Feel free to add your own use case.

How To Build a Botnet Difficulty Level (Medium to Hard) Tricky, but not impossible. If you're a decent computer geek you'll have no trouble.

What You'll Need
  • Access to several computers or a on-demand compute utility such as Amazon EC2
  • High Speed Internet access
  • Experience configuring Linux or Windows Networking
  • Experience with server Virtualization

1. Allocate computers / Servers At the heart of any botnet are the physical machines that execute the various processes. RAM, Storage and system/network I/0 will be your main limitations. A cluster of Mac Mini's will work just fine, although a cluster of Intel quad core servers will perform significantly better.

You also have the option to use pay per use compute utilities such as Amazon EC2 or even a VPS or dedicated web hosting environment. For the purposes of this how-to we will assume you have local hardware at your disposal, we're using several mac mini's with 2GB of RAM, 2GHZ dual core processors.

2. Choose Operating Environment (Server Virtualization) When looking at your various options it is good to stick with the operating system your most familiar with. Our preference is Linux, but Windows, OS X or BSD could also work just fine.

Just enough operating system (JEOS) When looking at the management of large numbers of slave machines, the OS size will become an import aspect to keep in mind. Operating systems with graphical desktops tend to be a lot larger, so for that reason we recommend the use of a small virtual machines also known as Just enough operating system (JEOS) A popular option includes the JEOS system provided by Ubuntu.

Server Virtualization There are number of different approaches that can be taken when deploying a botnet. The most typical is provided in the form of malware that sits on a users desktop PC and propagated via email or other subversive means.

Our preferred method involves the use of server virtualization. Server virutalization allows for many operating systems to running in parallel on a single computer or server.

What is Virtualization? The Wikipedia defines virtualization as "a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource."

So why do you need virtualization? Basically virtualization provides a more portable and easily adapted infrastructure capable of instantly changing to the demands placed on it.

Blue Pill Server Virtualization According to the author of the original blue pill Joanna Rutkowska, by using hardware accelerated virtualization to enable a virtual machine to run in parallel to the host operating system, malicious code could effectively enable a secondary operating environment to trap a running instance of the operating system into a undetectable virtual machine, and would then act as a hypervisor, with complete control of the host computer. Joanna Rutkowska claims that, since any detection program could be fooled by the hypervisor, such a system would be "100% undetectable"

Since our botnet is meant for more positive purposes, we recommend a more adaptive approach using server virtualization.

Enomalism Elastic Computing Platform In our example we're using an open source virtualization management platform called the Enomalism Elastic Computing Platform, which is geared to the easy management of several types of virtual environments including Xen, KVM, OpenVZ, and VMware. Enomalism makes the setup of a distributed multi server and geographically disperse virtualized environment significantly easier trough an easy to use web based dashboard. Enomalism isn't limited to one data center and can be setup to running across the globe.

3. Configure Networking When configuring your botnet one of the most important aspects will be the networking and dealing with securing remote and possibly untrusted network environments.

The best and easiest ways to deal with secure networking within a globally diverse computing environment is to use a Virtual Private Network VPN. We recommend using OpenVPN, a free and open source VPN program for creating point-to-point encrypted tunnels between host computers.

OpenVPN Technical Overview OpenVPN allows peers to authenticate to each other using a pre-shared secret key, certificates, or username/password. It is available on Solaris, Linux, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP.

4. Configure Command & Control A fundamental aspect of setting up a botnet is the "master" (Command & Control - C&C) and Zombie Machine (Slave). The slave is where the work gets done. In the early days, botnet C&C were typically deployed via the IRC, although lately most IRC networks are taking measures to block access to botnets, controllers must now find their own servers such as exploited PC's.

eXtensible Messaging and Presence Protocol There has also been a shift in the C&C from IRC based communications to eXtensible Messaging and Presence Protocol (XMPP) which requires no open ports, is encrypted and is extremely difficult to detect from regular IM traffic. XMPP also works behind firewalls, by using HTTP or HTTPS binding.

The decentralized architecture of the XMPP network is similar to email; anyone can run their own XMPP server and there is no central master server. 99% of the botnet can go offline without actually bringing down the overall botnetwork.

If configured correctly, it is almost impossible to take the XMPP based Command & Control system down. SO BE CAREFUL!

5. Define User Access 6. Applications & Monitoring 7. Auto discovery

Bacteria that lights up around landmines


A stunning 87 countries around the world are still littered with undetonated landmines, and their impact is devastating. Tens of thousands of people are killed or injured by mines every year, and they pose a grave threat to ecosystems and wildlife. But an unexpected solution may be on the way--scientists have developed a special kind of bacteria that actually begins to glow in the presence of landmines.

It seems like something straight out of a science fiction film, but this new bacteria is very real. According to the BBC, the "scientists produced the bacteria using a new technique called BioBricking, which manipulates packages of DNA." The bacteria is then mixed into a colorless solution, "which forms green patches when sprayed onto ground where mines are buried." The bacterial stew can also be dropped via airplane in extremely sensitive areas.

Then, only a few hours after it's sprayed or dropped, the bacteria begins to glow green if it's next to an undetonated explosive. This, of course, would be an invaluable asset in the ongoing quest to rid nations like Somalia, Bosnia, and Cambodia of their atrocious, deadly minefields.

While there's been much experimenting with new landmine detection techniques--genetically engineered mine-sniffing rats, color changing plants, and tobacco bio-sensors, to name a few--scientists are especially optimistic about the bacteria because the solution is cheap and easy to mass produce.

Landmines are one of the most horrible artifacts of war there are--they've killed and scarred millions during their tenure as the cheap, debilitating guerrilla weapon of choice. While human suffering is the first and foremost concern when it comes to landmines, it's often overlooked that landmines are severe threats to the ecosystems as well. Millions of animals have also been obliterated by landmines.

According to BNet,

one environmental specialist has compiled anecdotal reports of more than 1.6 million animals dying from land mines in 39 countries. In his collection are stories of as many as 20 elephants a year being killed by mines in Sri Lanka, of animals being "blown to pieces" in the Falkland Islands, and bears, deer and foxes triggering the devices in Croatia.

Landmines are a particular threat in areas rich with biodiversity. Countries like Myanmar (Burma), Colombia, Mozambique, Cambodia, and Angola are all teeming with wildlife--and have some of the largest minefields on the planet. While the specific numbers on animal fatalities remain inconclusive, researchers agree that mines are devastating in such environments.

Now, perhaps, this new glowing bacterial solution will help prevent both people and wildlife from meeting a fate nobody--and no animal--should ever have to suffer.

NASA to bring down the ISS in 2016

Question: What do you do with a 654,000 pound space station with no budget past 2015?

Let her crash and burn, which is just what the current plan is for the International Space Station. The short story here is that NASA will not have the budget to keep the huge space station in orbit. It seems like a shame to let the $100 billion ISS fail in such a glorious method. NASA doesn’t have the money and soon will not even have transportation with the Shuttle on the quick road to retirement.

There are of course folks in the government that want the ISS to survive a bit longer, but they can’t find the money. AIG executives apparently need a bonus so the space station needs to come down. Sorry, science and humanity, some playboy needs to make yacht payment. Sad.

Growing Fresh Air with 8 Powerful Plants

Picture Janelle Sorensen Wednesday, December 23, 2009 What do you do when you become allergic to the air?  When your lungs begin to shut down because the air is too contaminated?  Kamal Meattle suffered from this fate and guess what his solution was? Grow new air. Based on years of NASA studies, other scientific research, and 15 years of his own testing, Meattle discovered that three common houseplants, used strategically throughout a home, could vastly improve the indoor air quality.

Here's the breakdown:

Areca Palm is "The Living Room Plant" - This plant is a daytime oxygen factory and Meattle recommends having 4 shoulder height plants per person.

Mother-in-Law's Tongue is "The Bedroom Plant" - This plant is an evening oxygen factory and Meattle recommends having 6-8 waist-high plants per person.

Money Plant is "The Specialist Plant" - This plant is the filter that removes formaldehyde and other volatile organic chemicals from the air.

If maintained appropriately, Meattle claims you could live inside a bottle with a cap on top and these three plants would generate all the fresh air you need.

Not looking to live in a bottle? These plants will certainly still improve your indoor air quality (even if you don't have quite so many). And, if you're not satisfied with just three options, other new research has identified five "super ornamentals" that demonstrated high effectiveness of contaminant removal.

These include the purple waffle plant (Hemigraphis alternataa), English ivy (Hedera Helix), variegated wax plant (Hoya cornosa), Asparagus fern (Asparagus densiflorus) and the Purple heart plant (Tradescantia pallida).

Of the 28 plants tested, these five were effective at reducing levels of a number of common household VOCs, including benzene, toluene, octane, alpha-pinene and TCE. The work, funded by the University of Georgia's Agricultural Experiment Stations, was published in the August 2009 issue of HortScience.

Ready to grow your own fresh air? NASA studies recommend that you use one good-sized houseplant in a 6 to 8-inch diameter container for every 100 square feet of your home. Though, additional research is being done to identify exactly how many of each type of species is necessary for remediation (as in Meattle's work). You should also be sure to keep the foliage clean and dust free (so the leaves can do their job). And, keep the top of soil clean and free of debris, as in some cases, that's where the bulk of the filtering is taking place.

The healthier your plants, the more vigorously they'll grow, and the better they'll clean the air for you.
Read more:


By Greg Seaman Posted May 13, 2009 Common indoor plants may provide a valuable weapon in the fight against rising levels of indoor air pollution. NASA scientists are finding them to be surprisingly useful in absorbing potentially harmful gases and cleaning the air inside homes, indoor public spaces and office buildings.

The indoor pollutants that affect health are formaldehyde, Volatile Organic Compounds (benzene and trichloroethylene or TCE), airborne biological pollutants, carbon monoxide and nitrogen oxides, pesticides and disinfectants (phenols), and radon. These pollutants contribute to ’sick building syndrome’, which causes symptoms ranging from allergies, headaches and fatigue through to nervous-system disorders, cancer and death.

Through studies conducted by NASA, scientists have identified 50 houseplants that remove many of the pollutants and gases mentioned above. Dr. B. C. Wolverton rated these plants for removing chemical vapors, ease of growth, resistance to insect problems, and transpiration (the amount of water they expire into the air).

NASA, with assistance from the Associated Landscape Contractors of America, conducted a two-year study directed by Dr. B.C. Wolverton, an environmental engineer from Picayune, Miss. Wolverton has worked as a research scientist for NASA for some 20 years. His study, in the late ’80s and early ’90s, of the interaction of plants and air found that houseplants, when placed in sealed chambers in the presence of specific chemicals, removed those chemicals from the chambers.

Dr. B.C. Wolverton, researcher and author of “How to Grow Fresh Air — 50 Houseplants that Purify Your Home or Office” (1997, Penguin paperback, $15.95), conducted plant studies for NASA that determined that plants can clean pollutants in homes, offices, factories and retail outlets.

Later, Wolverton expanded the study and assigned plants a rating from one to 10, based on a plant’s ability to remove chemical vapors or indoor air toxins, ease of growth and maintenance, resistance to insect infestation and the rate at which water evaporates from the leaves.

Top ten plants for removing formaldehyde, benzene, and carbon monoxide from the air:

1. Areca Palm (Chrysalidocarpus lutescens) Also called the “Butterfly Palm”. An upright houseplant that is somewhat vase shaped. Specimen plants can reach 10 to 12 foot in height. Prefers a humid area to avoid tip damage. Requires pruning. When selecting an Areca palm look for plants with larger caliber trunks at the base of the plant. Plants that have pencil thin stems tend to topple over and are quite difficult to maintain.

2. Lady Palm (Rhapis excelsa) Also called the “Lady Palm”, this durable palm species adapts well to most interiors. The Rhapis are some of the easiest palms to grow, but each species has its own particular environment and culture requirements. The “Lady Palm” grows slowly, but can grow to more than 14′ in height with broad clumps often having a diameter as wide as their height.

3. Bamboo palm (Chamaedorea seifrizii) Also called the “reed palm”, this palm prefers bright indirect light. New plants will lose of some interior foliage as they acclimate to indoor settings. This plant likes to stay uniformly moist, but does not like to be over-watered or to sit in standing water. Indoor palms may attract spider mites which can be controlled by spraying with a soapy solution.

4. Rubber Plant (Ficus robusta) Grows very well indoors, preferring semi-sun lighting. Avoid direct sunlight, especially in summer. Young plants may need to be supported by a stake. The Ficus grows to 8’ with a spread of 5’. Wear gloves when pruning, as the milky sap may irritate the skin. Water thoroughly when in active growth, then allow the soil to become fairly dry before watering again. In winter keep slightly moist.

5. Dracaena “Janet Craig” (Dracaena deremensis) The Dracaena grows to 10’ with a spread of 3’. Easy to grow, these plants do best in bright indirect sunlight coming from the east/west. They can adapt to lower light levels if the watering is reduced. Keep the soil evenly moist and mist frequently with warm water. Remove any dead leaves. Leaf tips will go brown if the plant is under watered but this browning may be trimmed.

6. Philodendron (Philodendron sp.) One of the most durable of all house plants. Philodendrons prefer medium intensity light but will tolerate low light. Direct sun will burn the leaves and stunt plant growth. This plant is available in climbing and non-climbing varieties. When grown indoors, they need to be misted regularly and the leaves kept free of dust. Soil should be evenly moist, but allowed to dry between watering.

7. Dwarf Date Palm (Phoenix roebelenii) A hardy, drought-tolerant and long-lived plant, the Dwarf Date Palm needs a bright spot which is free of drafts. It grows slowly, reaching heights of 8-10’. The Dwarf Date Palm should not be placed near children’s play areas because it has sharp needle-like spines arranged near the base of the leaf stem. These can easily penetrate skin and even protective clothing.

8. Ficus Alii (Ficus macleilandii “Alii”) The Ficus Alii grows easily indoors, and resists insects. It prefers a humid environment and low to medium light when grown indoors. The Ficus Aliii should not be placed near heating or air conditioning vents, or near drafts because this could cause leaf loss. Soil should be kept moist but allowed to dry between watering.

9. Boston Fern (Nephrolepis exaltata “Bostoniensis”) The Boston fern grows to 4’ in height with a spread up to 5’. It has feathery ferns which are best displayed as a hanging plant. It prefers bright indirect sunlight. Keep the soil barely moist and mist frequently with warm water. This plant is prone to spider mites and whitefly which can be controlled using a soapy water spray. Inspect new plants for bugs before bringing them home.

10. Peace Lily (Spathiphyllum “Mauna Loa”) The Peace Lily is a compact plant which grows to a height of 3’ with a 2’ spread. This hardy plant tolerates neglect. It prefers indirect sunlight and high humidity, but needs to be placed out of drafts. For best results, the Peace Lily should be thoroughly watered, then allowed to go moderately dry between waterings. The leaves should be misted frequently with warm water.

String Theory


String Theory For Dummies From String Theory For Dummies by Andrew Zimmerman Jones String theory, often called the “theory of everything,” is a relatively young science that includes such unusual concepts as superstrings, branes, and extra dimensions. Scientists are hopeful that string theory will unlock one of the biggest mysteries of the universe, namely how gravity and quantum physics fit together.

String Theory Features String theory is a work in progress, so trying to pin down exactly what the science is, or what its fundamental elements are, can be kind of tricky. The key string theory features include:

  • All objects in our universe are composed of vibrating filaments (strings) and membranes (branes) of energy.

  • String theory attempts to reconcile general relativity (gravity) with quantum physics.

  • A new connection (called supersymmetry) exists between two fundamentally different types of particles, bosons and fermions.

  • Several extra (usually unobservable) dimensions to the universe must exist.

There are also other possible string theory features, depending on what theories prove to have merit in the future. Possibilities include:

  • A landscape of string theory solutions, allowing for possible parallel universes.

  • The holographic principle, which states how information in a space can relate to information on the surface of that space.

  • The anthropic principle, which states that scientists can use the fact that humanity exists as an explanation for certain physical properties of our universe.

  • Our universe could be “stuck” on a brane, allowing for new interpretations of string theory.

  • Other principles or features, waiting to be discovered.

Superpartners in String Theory String theory’s concept of supersymmetry is a fancy way of saying that each particle has a related particle called a superpartner. Keeping track of the names of these superpartners can be tricky, so here are the rules in a nutshell.

  • The superpartner of a fermion begins with an “s,” so the superpartner of an “electron” is the “selectron” and the superpartner of the “quark” is the “squark.”

  • The superpartner of a boson ends in “–ino,” so the superpartner of a “photon” is the “photino” and of the “graviton” is the “gravitino.”

Use the following table to see some examples of the superpartner names.

Some Superpartner Names Standard Particle Superpartner Higgs boson Higgsino Neutrino Sneutrino Lepton Slepton Z boson Zino W boson Wino Gluon Gluino Muon Smuon Top quark Stop squark Keeping Track of String Theory’s Many Names String theory has gone through many name changes over the years. This list provides an at-a-glance look at some of the major names for different types of string theory. Some versions have more specific variations, which are shown as subentries. (These different variants are related in complex ways and sometimes overlap, so this breakdown into subentries is based on the order in which the theories developed.) Now if you hear these names, you’ll know they’re talking about string theory!

  • Bosonic string theory

  • Superstring theory (or Supersymmetric string theory)

    • Type I, Type IIA, Type IIB, Heterotic string theories (Type HE, Type HO)

  • M-theory

    • Matrix theory

  • Brane world scenarios

    • Randall-Sundrum models (or RS1 and RS2)

  • F-theory

Key Events in String Theory History Although string theory is a young science, it has had many notable achievements. What follows are some landmark events in the history of string theory:

1968: Gabriele Veneziano originally proposes the dual resonance model.

1970: String theory is created when physicists interpret Veneziano’s model as describing a universe of vibrating strings.

1971: Supersymmetry is incorporated, creating superstring theory.

1974: String theories are shown to require extra dimensions. An object similar to the graviton is found in superstring theories.

1984: The first superstring revolution begins when it’s shown that anomalies are absent in superstring theory.

1985: Heterotic string theory is developed. Calabi-Yau manifolds are shown to compactify the extra dimensions.

1995: Edward Witten proposes M-theory as unification of superstring theories, starting the second superstring revolution. Joe Polchinski shows branes are necessarily included in string theory.

1996: String theory is used to analyze black hole thermodynamics, matching earlier predictions from other methods.

hai guise lets click