Wednesday, August 31, 2005

Netgear WGR614 router rocks

As you guys know, I had been complaining about the Airlink wireless router a few days ago. Phew, I was able to return it back to Fry's. Now I have installed a Netgear WGR614 router and just for the record, want to say that it rocks! The entire setup took less than 10 minutes. The router had a configuration wizard built into the router itself. It also provided an option to bypass the wizard entirely. This is a great convenience to power users like myself.

I've turned on the WPA encryption and am now enjoying superior security with better speed.

This is how a product, especially an appliance, should be made. Easy to install, easy to use. It works right the first time.

Sunday, August 28, 2005

SQL Injection attacks

MSDN Magazine describes SQL Injection as:
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.

So why am I writing about SQL injection today? Well, I ran into a prominent yellow pages site yesterday and happened to notice that the way they construct their URLs, they are inviting hackers to come in and perform SQL injection attacks. Here is their URL (no, I am not telling you what site it was on, but if you really want to know then nothing can stop you):

http://someyellowpagesite/cgi-bin/p_yellowpages.cgi?id=3&SQLQuery=SELECT%20LISTING.NAME,
LISTING.ADDRESS,LISTING.PHONE,LISTING.CONTACT,LISTING.EMAIL%20FROM%20LISTING%20WHERE%20
LISTING.BCCODE=%2248280%22%20ORDER%20BY%20LISTING.NAME&StartRec=21&EndRec=40&TotalRec=2527&
SearchName=0&SearchDir=0&SearchClass=1


Notice how they embed the entire SQL query right there in the URL itself. What do you think happens if you change a parameter or two in the SQL query? Heck, what would happen if you remove that query and instead put something in which drops the RDBMS table altogether? hehe.. the possibilities are limited to your imagination.

The damage done by SQL Injection attacks depends largely on the target environment and configurations. It can be used to cause Denial of Service attacks, by having a query do superfluous tasks. It can be used to open up a port on the server, which can then lead to getting access to that box itself. It can also be used to corrupt the data on the backend. Endless possibilities.

So fellas, whenever you write applications, always sanitize and check the input passed in from the user. Never, ever take SQL queries or commands from the web tier.
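As an added example (not code from the site in question), here is how the same listing page can be served without accepting SQL from the URL: the server owns one fixed statement, and the request only supplies validated values that are bound as parameters. The parameter name `bccode`, the page-size cap and the in-memory SQLite table are assumptions made for the illustration; `StartRec` and `EndRec` are taken from the URL above.

```python
import sqlite3
from urllib.parse import parse_qs

# The only statement that ever reaches the database; clients supply values, never SQL.
LISTING_QUERY = (
    "SELECT NAME, ADDRESS, PHONE, CONTACT, EMAIL FROM LISTING "
    "WHERE BCCODE = ? ORDER BY NAME LIMIT ? OFFSET ?"
)
MAX_PAGE = 50  # assumed cap on rows returned per request


def parse_request(query_string):
    """Validate the query string and return (bccode, limit, offset)."""
    params = parse_qs(query_string, keep_blank_values=True)
    if "SQLQuery" in params:
        raise ValueError("SQL text is not accepted from the client")
    bccode = params.get("bccode", [""])[0]  # 'bccode' is a hypothetical parameter name
    if not (bccode.isascii() and bccode.isdigit() and len(bccode) <= 10):
        raise ValueError("bccode must be 1-10 digits")
    try:
        start = int(params.get("StartRec", ["1"])[0])
        end = int(params.get("EndRec", [str(start + 19)])[0])
    except ValueError:
        raise ValueError("StartRec/EndRec must be integers") from None
    if start < 1 or end < start:
        raise ValueError("invalid record range")
    return bccode, min(end - start + 1, MAX_PAGE), start - 1


def list_businesses(conn, query_string):
    """Run the fixed query with the validated values bound as parameters."""
    bccode, limit, offset = parse_request(query_string)
    return conn.execute(LISTING_QUERY, (bccode, limit, offset)).fetchall()


def demo_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE LISTING (NAME, ADDRESS, PHONE, CONTACT, EMAIL, BCCODE)")
    rows = [(f"Shop {i:02d}", "1 Main St", "555-0100", "Owner", "o@example.test", "48280")
            for i in range(30)]
    rows.append(("Other", "2 Side St", "555-0101", "Owner", "x@example.test", "11111"))
    conn.executemany("INSERT INTO LISTING VALUES (?,?,?,?,?,?)", rows)
    return conn
```

Running the web application under a database account that can only SELECT from the listing table limits the damage further if a query ever does get through.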

Sunday, August 21, 2005

WiFi enabled Mobile Pocket PC = free phone calls

Just got an idea.. If there existed a mobile Pocket PC device that was WiFi capable, then you could make free phone calls to pretty much anyone in the world.

The other person would have to have Skype installed on his/her device or PC as well. You would have to install the Pocket PC version of Skype on your device and then could use it to make free phone calls to other Skype users, on their mobile devices or PCs. You would have to get an unlimited data plan from your carrier and reduce your monthly voice plan to a bare minimum. Once you have the unlimited data plan, there are no per call charges anymore. You just pay a flat fee, whether you make phone calls or not.

It could revolutionize the way the telecom industry works. But the question is, will the carriers allow the device manufacturers like HP etc to add WiFi capabilities to the mobile devices?

I like the idea, what about you?

(IN)SECURE magazine

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Get your copy today.

Topics that they cover in issue# 1.3 are:

Saturday, August 20, 2005

Application level vulnerabilities

I was cleaning up my computer and found a list on application level vulnerabilities and things that you need to consider when testing your application for security, that I had authored a couple years ago. It seems the items mentioned in the list are still relevant today and so I am publishing it on my blog. Here it is:
Pay careful attention to the above list while designing, coding and testing your application. A seemingly innocuous thing can have important security implications in the future.

Thursday, August 18, 2005

Linksys NSLU



So I bought a couple of 200 GB hard drives (these are so cheap these days. You can buy a 200 GB hard disk for around $70) and was on the lookout for a network storage solution. Found the NSLU2 to be a good candidate, both for network storage as well as to hack it to install custom Linux and make it work as a web server. So basically you plug this directly into your Ethernet port and voila, storage is available to anyone who has access to that network. You can access this from your desktop, laptop or even your PDA if it has WiFi, or some networking option. This is the cheapest way to add a network storage solution to your home.

I guess, I am a little late to the NSLU party, going on here and here, but it will be fun nonetheless.

Just cannot wait for it to get delivered. Haven't hacked up a device in a long time now!!!!

Sunday, August 14, 2005

Site of the day - Turnitin.com

Turnitin.com is a plagiarism detector. It's a site used by educators and instructors to detect plagiarism in student papers. Turnitin visits sites for content and then matches up the content with student submissions to detect whether the submission was original or "inspired" from online sources.

According to Plagiarism.org
Plagiarism has never been easier than it is today. Before the Internet, cheating was labor-intensive and obvious. Potential plagiarists had to find appropriate works from a limited pool of resources, usually a nearby library, and copy them by hand. Since these resources were almost always professionally written, the risk of detection was very high.

The Internet now makes it easy to find thousands of relevant sources in seconds, and in the space of a short time plagiarists can find, copy, and paste together a term paper, article, or even a book. Because the material online is produced by writers of varying levels of quality and professionalism, it is often difficult or impossible for educators and editors to identify plagiarism.
So sites like Turnitin help detect IP (intellectual property) theft by detecting plagiarised material.

Saturday, August 13, 2005

Dictionary attack

A dictionary attack is a method to break a password-based authentication system using a huge subset of dictionary words. Usually an automated program is used to try out a list of common passwords and/or usernames in combinations until access is gained into the target system.

Some hacker sites allow you to download dictionaries for such attacks. They contain massive lists of words used in a particular language. Don't think that you can get away with using a native word as a password. I've seen dictionaries for pretty much every language out there. That is why some sites or even your corporate security policy doesn't allow you to use simple words as passwords. They mandate the use of a combination of alphanumeric and special characters for passwords.

Some moron has been trying to get into my server with a dictionary attack method. Here is the list of usernames that have been tried so far: dictionary-attack.txt. Notice that the hacker has tried the combination of username "root" and password 909 times!!!
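As an added example (not part of the original post), this is one way to produce that kind of tally from an authentication log and flag the sources doing the guessing. It assumes OpenSSH-style "Failed password" lines, since the post does not name the service; the log lines, addresses and thresholds are constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# OpenSSH-style failure line (assumed format; the post does not say which service was hit).
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log using documentation-range addresses.
SAMPLE_LOG = """\
Aug 13 03:10:01 host sshd[411]: Failed password for root from 192.0.2.7 port 4101 ssh2
Aug 13 03:10:03 host sshd[411]: Failed password for root from 192.0.2.7 port 4102 ssh2
Aug 13 03:10:05 host sshd[412]: Failed password for invalid user admin from 192.0.2.7 port 4103 ssh2
Aug 13 03:10:07 host sshd[413]: Failed password for invalid user oracle from 192.0.2.7 port 4104 ssh2
Aug 13 03:10:09 host sshd[414]: Failed password for root from 192.0.2.7 port 4105 ssh2
Aug 13 09:00:00 host sshd[500]: Failed password for alice from 198.51.100.9 port 5000 ssh2
Aug 13 09:00:10 host sshd[500]: Accepted password for alice from 198.51.100.9 port 5000 ssh2
"""


def summarize(log_text, min_attempts=3, min_usernames=3):
    """Return (failures per username, sorted list of suspect source addresses).

    A source is suspect when it fails at least `min_attempts` times across at
    least `min_usernames` distinct usernames: the pattern of a dictionary run,
    as opposed to one user mistyping a password.
    """
    per_user = Counter()
    per_ip = Counter()
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        user, ip = match.group("user"), match.group("ip")
        per_user[user] += 1
        per_ip[ip] += 1
        users_by_ip[ip].add(user)
    suspects = sorted(
        ip for ip, count in per_ip.items()
        if count >= min_attempts and len(users_by_ip[ip]) >= min_usernames
    )
    return per_user, suspects
```

The suspect list is what you would feed to a firewall block or a rate limiter; the per-username counts show which accounts need the strongest passwords or should not allow remote password login at all.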

Friday, August 12, 2005

I have a new hobby, it's called phishing


Thursday, August 11, 2005

Breaking MSN search

Wanna break MSN search? Just search for something on http://search.msn.com/. Once you get back the results, just change the protocol in the URL that shows up in your address window from http:// to https:// and notice that Akamai's error page shows up.

Seems like all the top three search engines Yahoo, Google and MSN use Akamai. Hmm....

Wednesday, August 10, 2005

Nigerian Scammer tales

Here is an article that describes what it is like to be a Nigerian scammer.

Wednesday, August 03, 2005

Hacking an elevator

This is a fun hack posted on TheDamnBlog that shows how to hack an elevator to go directly to your floor without stopping anywhere in between.
The designers of some elevators include a hidden feature that is very handy if you're in a hurry or it's a busy time in the building (like check-out time in a hotel). While some elevators require a key, others can be put into "Express" mode by pressing the "Door Close" and "Floor" buttons at the same time. This sweeps the car to the floor of your choice and avoids stops at any other floor.

Copyright Anand Jain 2004, 2005. All rights reserved.