by trizaeron on Uncategorized

Buying the XPS 15 9570 from the Philippines

I would like to share my knowledge of how I was able to buy the XPS 15 9570 (2018) by Dell from the US and bring it to the Philippines using a forwarding service called ShippingCart.

Please note that during the time of purchase, this specific model of the XPS 15 is still not available in the country. The only way I will be able to have it is to buy from other countries. My first option is the United States since I have the background of buying things from there and shipped it either directly via FedEx or use a forwarding company like ShippingCart.

If you are wondering why I am going to the Dell line instead of saying, a Mac, because of the warranty. Afaik, Dell is the only company I know that offers a technician to personally visit your location and have your computer repaired as part of its warranty. Dell calls this warranty as NBD (Next Business Day on-site).

Back to the Purchase, I wanted to have the maximum warranty of 4 years and only dell.com offers it. However, there are problems for a common Pinoy like me. The Dell US website only accepts US based cards, meaning my Philippine-issued cards will not be accepted as a payment option. Aside from that, Dell also does not ship to a forwarding company. ( This is going on for many years already )

Good thing I was able to secure somebody to purchase it on my behalf, ( Thanks Sir Troy! ). I chose the i7 coffee lake, 32gb ram, 1tb ssd and 4k display version. Including the 4 years ProSupport and accidental warranty, the total was around $3,000.

The laptop was then sent to my custom shippingcart address from Sir Troy wherein I paid around P10,000 including the insurance fee for air cargo. It was delivered after 5 days here in Bohol. Great job shippingcart considering that I am in the province!

I received the laptop unblemished and immediately initialized the transfer of warranty from US to Philippines. In less than 10 days the warranty was transferred to my name, ASIA region – Philippines. Hurray!

During the whole plan of buying the laptop here are a few info I learned.

  • You can use the service Grabr.io to have someone buy it for you, checkout its website of how it works.
  • I have used the Gcash US virtual Amex card but the purchase did not push through for some reason.
  • Dell US usually gives promo codes, during my purchase I was able to make use of a 10% discount.

If you have any question related to buying the laptop, let me know by commenting in the video above.

Cheers!
Clifford

by trizaeron on Dev

“Specified key was too long error” error in Laravel 5.4

I upgraded my Laravel installation to 5.4 and encountered the error below:

 [Illuminate\Database\QueryException]                                         
  SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was t  
  oo long; max key length is 767 bytes (SQL: alter table `users` add unique `  
  users_email_unique`(`email`))                                                
                                                                               

                                                                               
  [PDOException]                                                               
  SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was t  
  oo long; max key length is 767 bytes

This is actually documented in the official Laravel website here: https://laravel.com/docs/master/migrations#creating-indexes where it fixes the issue. You need to call the Schema::defaultStringLength method within your AppServiceProvider class’ boot method.

public function boot()
{
    Schema::defaultStringLength(191);
}

However, the documentation does not mention that you need to declare the Schema class at the top, or else you will encounter the error like below:

                                                         
  [Symfony\Component\Debug\Exception\FatalThrowableError]  
  Class 'App\Providers\Schema' not found

So be sure to add:  use Schema;

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Schema;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        Schema::defaultStringLength(191);
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        //
    }
}

Adding a backslash before Schema also works fine.

\Schema::defaultStringLength(191);

I hope this somehow helps :)

by trizaeron on General

Comelec Hack: 2013, 2016 and revelation of #pr.is0n3r

Original Post: https://www.facebook.com/notes/clifford-trigo/comelec-hack-2013-2016-and-revelation-of-pris0n3r/1001530523228999

Many of you may not know that the Commission of Election website (www.comelec.gov.ph) became a target by Anonymous Philippines led by a user with handle #pr.is0n3r before the 2013 general election.
During that time a video was published by the same user, mainly giving “COMELEC” a warning of possible electoral fraud. Allegedly, PCOS machines can be tampered and CF cards can be manipulated.
Watch: https://www.youtube.com/watch?v=xXl3LMjug-k 

The end part of the video showed the COMELEC website being penetrated using SQL injection. Data was extracted from the COMELEC Database wherein it appeared to be also downloaded locally.
Do you think Comelec is seriously securing your personal information?
I have tried to reach the user behind the handle pr.is0n3r and asked him if he still has access in the comelec website, he replied with revelations. According to him:
  • In 2013, before he got access to COMELEC’s server, somebody had an uploaded web shell already. Guess who? Our friendly neighbor – China. ( The same with Banko Sentral ng Pilipinas )
  • The last time he had access was after the 2016 defacement.
  • About 5 critical vulnerabilities can be exploited in the website.
  • He is 99% sure he can access the website once it’s up again.
  • He is most concerned of the government being unaware that we are already infiltrated by foreigners and only react to the latest defacement/leak. …”hindi nila alam na hacked na sila matagal na ng taga ibang bansa. Na gather na nila ang info natin sir matagal na. Hindi lang nag rereact ang mga chinese hackers, yun ang nakakatakot dahil tahimik sila at we dont know ano ang plans nila.”

additional information by #pR.is0n3r in Anonymous Philippines page.

Comelec Hack 2016

Late Sunday night of March 27, 2016 – Anonymous Philippines struck again by defacing the comelec website. The hacktivists also provided a video with similar message to the 2013 version. https://www.youtube.com/watch?v=cTJjMTnEJdE
The difference between the two is that the 2016 version showed hackers gaining root privileges by leveraging what appears to be an XPath injection vulnerability.
Hours later that defacement, a hacker group calling themselves as Lulzsec Pilipinas claimed to have compromised the comelec site as well then accessed and dumped its Database over the web. That’s 300+GB of compressed data.
An investigative report by Trendmicro said the leaked database contained a huge number of sensitive personally identifiable information (PII).
Comelec doesn’t seems to take serious security measures, even displaying sensitive info in plain text!
After the 2013 attack, COMELEC should have known and expected the possibilities of being hacked again. And yet, they seem to not care at all.
In the case of recent hacking incident, COMELEC should have filed a report to National Privacy Commision in which they didn’t. Why? Do they really value protecting our sensitive info – the Filipino people? They have failed us.

Paul Biteng

A friend of mine, Paul Biteng was nabbed by NBI agents in his house last Wednesday night. He was tagged as suspect of the latest defacement, where media reports said he admitted but not of the database leakage.
For the information of everybody, I and Paul along with our friends at Invalid Web Security are active participants of bug bounty programs.
We strongly believe Paul is not part of the database leakage. We are standing behind him through all of this.
Paul Biteng as a White Hat:
 https://hackerone.com/paulbits
https://facebook.com/whitehat/thanks
https://www.pinoyhacknews.com/security
https://technet.microsoft.com/en-us/security/cc308575.aspx
http://sproutsocial.com/responsible-disclosure-policy
Whatever is being uploaded on the web will always be on the web. ask wehaveyourdata.com!
Additional reading:
https://www.pinoyhacknews.com/exclusive-interview-with-anonymous-philippines-pr-is0n3r http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/
https://en.wikipedia.org/wiki/Bug_bounty_program http://www.gmanetwork.com/news/photo/25742/scitech/bangko-sentral-ng-pilipinas-website-hacked