Wednesday, August 31, 2005
Netgear WGR614 router rocks
I've turned on the WPA encryption and now enjoying superior security with better speed.
This is how a product, specially an appliance, should be made. Easy to install, easy to use. It works right the first time.
Sunday, August 28, 2005
SQL Injection attacks
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.
So why am I writing about SQL injection today? Well, I ran into a prominent yellow pages site yesterday and happened to notice that the way they construct their URL's, they are inviting hackers to come in and perform SQL injection attacks. Here is their URL (no, I am not telling you what site it was on, but if you really want to know then nothing can stop you):
Notice, how they embed the the entire SQL query right there in the URL itself. What do you think happens, if you change a parameter or two in the SQL query? Heck, what would happen if you remove that query and instead put something in which drops the RDBMS table altogether? hehe.. the possibilities are limited to your imagination.
The damage done by SQL Injection attacks depends largely on the target environment and configurations. It can be used to cause Denial of Service attacks, by having a query do superfluous tasks. It can be used to open up a port on the server, which can then lead to getting access to that box itself. It can also be used to cause corrupt the data on the backend. Endless possibilities.
So fellas, whenever you write applications, always sanitize and check the input passed in from the user. Never ever, take SQL queries or commands from the web-tier.
Sunday, August 21, 2005
WiFi enabled Mobile Pocket PC = free phone calls
The other person would have to have Skype installed on his/her device or PC as well. You would have to install the Pocket PC version of Skype on your device and then could use it to make free phone calls to other Skype users, on their mobile devices or PC's. You would have to get an unlimited data plan from your carrier and reduce your monthly voice plan to a bare minimum. Once you have the unlimited data plan, there are no per call charges anymore. You just pay a flat fees, whether you make phone calls or not.
It could revolutionize the way the telecom industry works. But the question is, will the carriers allow the device manufacturers like HP etc to add WiFi capabilities to the mobile devices?
I like the idea, what about you?
Topics that they cover in issue# 1.3 are:
- Security vulnerabilities, exploits and patches
- PDA attacks: palm sized devices - PC sized threats
- Adding service signatures to Nmap
- CSO and CISO - perception vs. reality in the security kingdom
- Unified threat management: IT security's silver bullet?
- The reality of SQL injection
- 12 months of progress for the Microsoft Security Response Centre
- Interview with Michal Zalewski, security researcher
- OpenSSH for Macintosh
- Method for forensic validation of backup tapes
Saturday, August 20, 2005
Application level vulnerabilities
- Hidden form field manipulation
- Parameter tampering (Eg. invalid session id or an incremental user id)
- Developer defined application backdoors and debug options
- Cookie poisoning
- Cross site scripting and Session hijacking
- Buffer overflow
- Published known vulnerabilities for the components involved in the web application (For example if your application uses embedded software and a vulnerability is published for that embedded piece, then your application is vulnerable too)
- Sample applications or pages and known application paths (Eg. /logs or /admin)
- Examination of application-to-application interaction such as between your application and various other servers
- Brute force password attack, password guessing and password sniffing. Also of importance is the error message. The error message should only state a generic message, instead of giving out specific messages. This is bad user experience, but a better from the security standpoint.
- How well does the application handle client session cancellation and expiry
- Use of HTTP methods to send data over to the server. (GET requests become part of URL and are normally stored in the browse's history)
Thursday, August 18, 2005
So I bought a couple of 200 GB hard drives (these are so cheap these days. You can buy a 200 GB hard disk for around $70) and was on the look out for a network storage solution. Found the NSLU2 to be a good candidate, both for network storage as well as to hack it to install custom linux and make it work as a web server. So basically you plug this directly into your ethernet port and voila, storage is available to anyone who has access to that network. You can access this from your desktop, laptop or even your PDA if it has wifi, or some networking option. This is the cheapest way to add network storage solution to your home.
I guess, I am a little late to the NSLU party, going on here and here, but it will be fun nonetheless.
Just cannot wait for it to get delivered. Havent hacked up a device since a long time now !!!!
Sunday, August 14, 2005
Site of the day - Turnitin.com
According to Plagiarism.org
Plagiarism has never been easier than it is today. Before the Internet, cheating was labor-intensive and obvious. Potential plagiarists had to find appropriate works from a limited pool of resources, usually a nearby library, and copy them by hand. Since these resources were almost always professionally written, the risk of detection was very high.So sites like Turnitin help detect IP (intellectual property) theft by detecting plagiarised material.
The Internet now makes it easy to find thousands of relevant sources in seconds, and in the space of a short time plagiarists can find, copy, and paste together a term paper, article, or even a book. Because the material online is produced by writers of varying levels of quality and professionalism, it is often difficult or impossible for educators and editors to identify plagiarism.
Saturday, August 13, 2005
Some hacker sites allow you to download dictionaries for such attacks. They contain massive lists of words used in a particular language. Dont think that you can get away with using native word as a password. I've seen dictionaries for pretty much every language out there. That is why some sites or even your corporate security policy doesnt allow you to use simple words as passwords. They mandate the use of a combination of alphanumeric and special characters for passwords.
Some moron has been trying to get into my server with a dictionary attack method. Here is the list of usernames that have been tried so far: dictionary-attack.txt. Notice that the hacker has tried the combination of username "root" and password 909 times!!!
Friday, August 12, 2005
I have a new hobby, its called phishing
Thursday, August 11, 2005
Breaking MSN search
Seems like all the top three search engines Yahoo, Google and MSN use Akamai. Hmm....
Wednesday, August 10, 2005
Nigerian Scammer tales
Wednesday, August 03, 2005
Hacking an elevator
The designers of some elevators include a hidden feature that is very handy if you're in a hurry or it's a busy time in the building (like check-out time in a hotel). While some elevators require a key, others can be put into "Express" mode by pressing the "Door Close" and "Floor" buttons at the same time. This sweeps the car to the floor of your choice and avoids stops at any other floor.
Copyright Anand Jain 2004, 2005. All rights