I spent a grand total of $25 on (food) shopping this week. I wish stuff was this cheap in Australia. There's a few interesting differences between products here and back home:

1) Milk. Milk here is kind of fail. Tastes like powdered milk, mixed with water, put in a carton and chilled. I have a pretty strong inkling that this might be the exact case. I shall sample other brands of milk, but sources cause me to speculate that this is par for the course in Asian countries, so I shouldn't get my hopes up.
2) Bread. Bread here owns. It's better than the bread I'd get in Australia and is roughly the same price (12000 rupiah or something, around $1.50).
3) Candy. Candy rocks and is quite inexpensive as long as you go for the locally produced variety. I bought a few packets of a brand called "Tango" and it's really good. The easiest way I can think of to explain it is that it's like those soothers that have the liquid center, but not all minty and stuff. Tasty stuff.
4) Noodles. The mi goreng selection here is phenomenal. As soon as either a) I get my camera working or b) I give up on my camera and use my camera phone, I'm going to take a picture of the mi goreng aisle. Yes. The aisle. There's an entire aisle for mi goreng.
5) Water. Bottled water here is kind of a necessity if you don't own a water dispenser thing like this one, so it's pretty cheap, setting you back anywhere from 30c to $2.50 for a 1.5L bottle, depending on how pretty you want the bottle to be.

I seem to have broken out of my productivity slump and am now resuming work on Jishaku.

Been meaning to blog but there's not much to blog about. I'm in Indonesia at the moment, spending most of my time in my room watching anime/tv shows (big change there lel). I'll summarise things quickly.

• Have had some money/bank issues, but nothing life-threatening
• My camera is broken, so I can't post pictures of my room at the moment, but as soon as I get it back to health there'll be some shiny new snaps up here
• Loliki, Izark and Jrazy are awesome because they keep me company :D
• Food here is awesome
• Things are -cheap-
• Internet is crap, but also cheap
• All this sitting around has instilled a deep sense of apathy in me, I cbf doing much

That's about that.

Until next time...

I got around a couple more camera authentication things today, upping the total amount of cameras on my webcams page to just under 2000. Providing the current scan I'm running turns up cameras at the same rate as previous scans, there should be anywhere from 2500-3500 on there sometime tomorrow. Hooray for retarded security schemes!

CryptWizard showed me a cool article today. This article details how badly breakable and exploitable the Thomson SpeedTouch series of wireless routers would be if someone made a super-easy-to-use tool to take advantage of a vulnerability in their "random" ssid and default key generation.

I'll just leave this here.

I had to get some IDs to test out this twitter plugin for wordpress. This is how I did it.

for i in $(curl -s 'http://integratedsearch.twitter.com/search.html?callback=processPageLoadSearch&layout=none&locale=en&page=1&q=<YOUR SEARCH TERM HERE>' |sed -re 's/\\n/\n/g' |sed -re 's/\\t/\t/g' |sed -re 's/\\"/"/g' |grep statuses |cut -d '/' -f 4 |sort -u); do printf '%s,' `curl -s http://twitter.com/$i |grep 'link rel="alternate"' |head -n 1 |cut -d '/' -f 6 |cut -d '.' -f 1`; done; echo;

Enjoy!

flatwhatson showed me a website called shodan a little while back. It allows you to search through the banners that the owner picks up while scanning (ssh version banners, ftp servers, http headers, etc). I thought it was a pretty cool idea, but also though it could be done much better, so yesterday I wrote a clone of it.

You can see said clone here.

It's got a few features shodan doesn't, shodan has some features that mine doesn't, so it's not meant to replace shodan. The thing is, it seems I can add many many many more entries at a much faster rate than the other guy can. I've written a few small scanners over the last few months for ftp, http, etc, so I know what works and what doesn't when it comes to scanning for large amounts of hosts. Right now I'm adding about 1500 hosts per minute, pretty quickly approaching 1.1 million entries. Keep in mind that it's only been scanning for around 18 hours.

If you're wondering about the name, it's a Japanese word. Depending on context, it can mean "hopeless", "no choice in the matter", "no helping it" and other things along those lines. In this case, it means "once I have your data on here, there's nothing you can do about it". That is if you're running an old version of apache or something.

It's pretty straightforward to use. Without any explanation, you can probably start finding interesting stuff on there. Try this search out for instance: http://shouganai.mastercj.net/index.php?q=openssh. There are a few modifiers you can use in search terms and they act just like their google-inspired brethren. This includes prefixing them with "-" to denote a desire to exclude all results matching that modifier. Allow me to demonstrate.

The first is "software": http://shouganai.mastercj.net/index.php?q=software%3Athttpd. This will only work for headers that I've written definitions for. I catch a fair few http server versions and a large chunk of sshd versions, so specifying things like "IIS" or "dropbear" or "cisco sshd" should work as expected.

The second is "version": http://shouganai.mastercj.net/index.php?q=version%3A2. This can be combined with the "software" modifier to pick out what exactly you want to find. This is a slightly fuzzy search in that "2" will match "2" and "2.1.0".

Next up is "port". This works for all results and is pretty self explanatory. http://shouganai.mastercj.net/index.php?q=port%3A80.

Fourth is "protocol". There's a pretty good chance that this will work, but it's not guaranteed. I've erred on the side of false negatives instead of false positives with this, so you might miss some malformed server responses. Here's an example of when it works: http://shouganai.mastercj.net/index.php?q=protocol%3Assh.

There's a few more modifiers I'm yet to get around to implementing that I'd like to, such as "country" and "domain". Neither will be very hard to do, but I probably won't have time to do it until later in the week.

Anyway, that's that. If you've read this far, thanks! Have fun with it and excuse any sluggishness until I switch over to sphinx or senna or something.

Happy hacking!