Modding MOTOROKR E6/E6e/A1200

For the growing interest of how to mod your MOTOROKR E6/E6e/A1200 i have published a article How i moded My MOTORKR E6 edge aka E6e. I have also published Short tutorial for flashing your E6/E6e.

See this and let me know about your progress and never hesitate to post if you face any kindof problem.

Happy modding!!

Finally I modded My MOTORKR E6 edge

Hi Guys!! For since somedays i was busy with my newly bought MOTOROKR E6e aka E6 EDGE. I was too curious to mod it by as you know for modding and installing apps you have to flash your firmware to some firmwares which supprt modding. Like I have 22P firmware installed by default and these firmware is only available in indian phones, as far as i know. So i was eagerly waiting for the 22P firmware to come on internet as i have the alternate way if it doesnt work. After i got the original R535H10_G_11.87.22P aka 22P firmware. Now what should i do. To know more go here.

how to fix up weak OpenSSL/OpenSSH keys (Debian)

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Any OpenSSL-based key generated on a Debian-based system since September 2006 by the openssl, ssh-keygen, or openvpn –keygen commands are vulnerable to this issue.

Debian and Ubuntu have already issued updates that correct the flaw and provide a blacklist of keys known to be weak. Unfortunately, exploits to take advantage of this flaw exist as well. Likewise, while the affected OpenSSL packages are only on Debian and Debian-derived distributions, it could affect other operating systems as well if those keys were generated on a Debian system. For instance, if your system provides SSH access to external users, and one of them created an SSH keypair using Debian or Ubuntu, then your system, or more particularly those user accounts, should be considered compromised, whether it is running Mandriva, Fedora, or even a BSD variant.

The Debian team has provided a tool that can be used to determine if any such weak keys exist on the system, and it can be run by anyone, regardless of whether they use Debian or not. To begin, download the dowkd.pl perl script and use it to test SSH keys of the host system:

$ cd ~/tmp

$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc

$ gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE

$ gpg --verify dowkd.pl.gz.asc

$ gunzip dowkd.pl.gz

$ perl dowkd.pl host localhost

This will download the dowkd.pl perl script and also import a Debian security team member’s key from subkeys.pgp.net. If the archive verifies okay with gpg, unarchive it, and then run the script in host-checking mode against the localhost.

If the script detects that the host key is weak, it will indicate such. Next, run the script against user keys on the system:

# perl dowkd.pl user

This check should be run as root in order to obtain access to every user’s keys. The script will check the keys and also the authorized_keys file and will alert you if the fingerprint to a remote host indicates a vulnerable key as well. If you wish to check a specific user, append the user name to the command:

# perl dowkd.pl user joe

If the script indicates that any keys are weak, they should be removed and regenerated immediately.

More information on exactly what types of keys and how to test them all is available at http://wiki.debian.org/SSLkeys.