<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-8289734</id><updated>2011-12-14T19:08:32.204-08:00</updated><title type='text'>simple security</title><subtitle type='html'>Random notes on security, vulnerabilities, exploits, hacks, cracks and related things.&lt;br/&gt; Feel free to comment, use, implement, grab or plagiarize anything you like. No guarantees, no warranties. &lt;br/&gt;
Always remember, nothing can be 100% foolproof. The goal is to be as close to 100% as possible. &lt;br/&gt;&lt;small&gt; The content on this blog is for informational purposes only&lt;/small&gt;</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><link rel='next' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default?start-index=101&amp;max-results=100'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>118</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-8289734.post-112676260174246250</id><published>2005-09-14T22:26:00.000-07:00</published><updated>2006-06-28T09:37:58.523-07:00</updated><title type='text'>Web based IM client - Meebo</title><summary type='text'>So your company won't let you install an IM client like Yahoo or MSN, because of security reasons? Well, screw them. Use this web based AJAX flavored IM service called Meebo which works for all the big 4 IM providers - Yahoo, MSN, ICQ, AOL. I've used it and was impressed. It's pretty slick and quick. 
Go to their homepage, enter the username/password for any or all of the IM services you use and </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112676260174246250/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112676260174246250' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112676260174246250'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112676260174246250'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/09/web-based-im-client-meebo.html' title='Web based IM client - Meebo'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112659367640861847</id><published>2005-09-12T23:37:00.000-07:00</published><updated>2005-09-12T23:46:41.153-07:00</updated><title type='text'>How to escape 1-800 menu hell...</title><summary type='text'>Tired of waiting and navigating through menu hell when you call the 1-800 numbers of your favorite company or service? Well, check out this site to find out a way to reach a human operator real fast. 
Here are some examples from the site: Cingular: For faster service, press the option that you are looking to close your account. You get the same ppl but an immediate answer. American Express: Hit </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112659367640861847/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112659367640861847' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112659367640861847'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112659367640861847'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/09/how-to-escape-1-800-menu-hell.html' title='How to escape 1-800 menu hell...'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112589981804216411</id><published>2005-09-04T22:43:00.000-07:00</published><updated>2005-09-04T23:00:13.403-07:00</updated><title type='text'>Hanging up my boots</title><summary type='text'>It's almost a year since I wrote my first post on this blog on security. I have written mostly random stuff on various topics that I felt like writing about. Most of my posts have been spontaneous. Some of them have pertained to security, some on hacking, while others on vulnerabilities and general security issues. Lately, I haven't been able to devote the time I want to write this blog. 
Since a past </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112589981804216411/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112589981804216411' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112589981804216411'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112589981804216411'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/09/hanging-up-my-boots.html' title='Hanging up my boots'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112554905357796173</id><published>2005-08-31T21:24:00.000-07:00</published><updated>2005-08-31T21:33:40.596-07:00</updated><title type='text'>Netgear WGR614 router rocks</title><summary type='text'>As you guys know, I had been complaining about the Airlink wireless router a few days ago. Phew, I was able to return it back to Fry's. Now I have installed a Netgear WGR614 router and just for the record, want to say that it rocks! The entire setup took less than 10 minutes. The router had a configuration wizard built into the router itself. 
It also provided an option to bypass the wizard </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112554905357796173/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112554905357796173' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112554905357796173'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112554905357796173'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/netgear-wgr614-router-rocks.html' title='Netgear WGR614 router rocks'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112524748424830962</id><published>2005-08-28T09:27:00.000-07:00</published><updated>2005-08-28T09:44:44.306-07:00</updated><title type='text'>SQL Injection attacks</title><summary type='text'>MSDN Magazine describes SQL Injection as: The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. 
A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database. So</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112524748424830962/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112524748424830962' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112524748424830962'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112524748424830962'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/sql-injection-attacks.html' title='SQL Injection attacks'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112467249390749124</id><published>2005-08-21T17:43:00.000-07:00</published><updated>2005-08-21T18:01:33.916-07:00</updated><title type='text'>WiFi enabled Mobile Pocket PC = free phone calls</title><summary type='text'>Just got an idea.. If there existed a mobile Pocket PC device that was WiFi capable, then you could make free phone calls to pretty much anyone in the world. The other person would have to have Skype installed on his/her device or PC as well. 
You would have to install the Pocket PC version of Skype on your device and then could use it to make free phone calls to other Skype users, on their mobile</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112467249390749124/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112467249390749124' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112467249390749124'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112467249390749124'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/wifi-enabled-mobile-pocket-pc-free.html' title='WiFi enabled Mobile Pocket PC = free phone calls'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112461722520268142</id><published>2005-08-21T02:38:00.000-07:00</published><updated>2005-08-21T02:40:25.210-07:00</updated><title type='text'>(IN)SECURE magazine</title><summary type='text'>(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Get your copy today. Topics that they cover in issue# 1.3 are: Security vulnerabilities, exploits and patches; PDA attacks: palm sized devices - PC sized threats; Adding service signatures to Nmap; CSO and CISO - perception vs. 
reality in the security kingdom; Unified threat </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112461722520268142/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112461722520268142' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112461722520268142'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112461722520268142'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/insecure-magazine.html' title='(IN)SECURE magazine'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112460332880803404</id><published>2005-08-20T22:40:00.000-07:00</published><updated>2005-08-20T22:52:56.026-07:00</updated><title type='text'>Application level vulnerabilities</title><summary type='text'>I was cleaning up my computer and found a list on application level vulnerabilities and things that you need to consider when testing your application for security, that I had authored a couple years ago. It seems the items mentioned in the list are still relevant today and so I am publishing it on my blog. Here it is: Hidden form field manipulation; Parameter tampering (e.g. 
invalid session id</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112460332880803404/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112460332880803404' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112460332880803404'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112460332880803404'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/application-level-vulnerabilities.html' title='Application level vulnerabilities'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112441733434590609</id><published>2005-08-18T18:52:00.000-07:00</published><updated>2005-08-18T19:08:54.353-07:00</updated><title type='text'>Linksys NSLU</title><summary type='text'>So I bought a couple of 200 GB hard drives (these are so cheap these days. You can buy a 200 GB hard disk for around $70) and was on the look out for a network storage solution. Found the NSLU2 to be a good candidate, both for network storage as well as to hack it to install custom linux and make it work as a web server. 
So basically you plug this directly into your ethernet port and voila, </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112441733434590609/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112441733434590609' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112441733434590609'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112441733434590609'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/linksys-nslu.html' title='Linksys NSLU'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112406061323161650</id><published>2005-08-14T15:54:00.000-07:00</published><updated>2005-08-14T16:03:33.236-07:00</updated><title type='text'>Site of the day - Turnitin.com</title><summary type='text'>Turnitin.com is a plagiarism detector. It's a site used by educators and instructors to detect plagiarism in student papers. Turnitin visits sites for content and then matches up the content with student submissions to detect whether the submission was original or "inspired" from online sources. According to Plagiarism.org: Plagiarism has never been easier than it is today. 
Before the Internet, </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112406061323161650/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112406061323161650' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112406061323161650'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112406061323161650'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/site-of-day-turnitincom.html' title='Site of the day - Turnitin.com'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112397241477841715</id><published>2005-08-13T15:17:00.000-07:00</published><updated>2005-08-13T15:33:34.786-07:00</updated><title type='text'>Dictionary attack</title><summary type='text'>A dictionary attack is a method to break a password based authentication system using a huge subset of dictionary words. Usually an automated program is used to try out a list of common passwords and/or usernames in combinations until access is gained into the target system. Some hacker sites allow you to download dictionaries for such attacks. 
They contain massive lists of words used in a </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112397241477841715/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112397241477841715' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112397241477841715'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112397241477841715'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/dictionary-attack.html' title='Dictionary attack'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112387406152839039</id><published>2005-08-12T12:08:00.000-07:00</published><updated>2005-08-12T12:14:21.536-07:00</updated><title type='text'>I have a new hobby, its called phishing</title><summary type='text'></summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112387406152839039/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112387406152839039' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112387406152839039'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112387406152839039'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/i-have-new-hobby-its-called-phishing.html' title='I have a new hobby, its called 
phishing'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112382398270210259</id><published>2005-08-11T22:16:00.000-07:00</published><updated>2005-08-11T22:25:49.733-07:00</updated><title type='text'>Breaking MSN search</title><summary type='text'>Wanna break MSN search? Just search for something on http://search.msn.com/. Once you get back the results, just change the protocol in the URL that shows up in your address window from http:// to https:// and notice that Akamai's error page shows up. Seems like all the top three search engines Yahoo, Google and MSN use Akamai. Hmm....</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112382398270210259/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112382398270210259' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112382398270210259'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112382398270210259'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/breaking-msn-search.html' title='Breaking MSN search'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112365749637832613</id><published>2005-08-10T00:03:00.000-07:00</published><updated>2005-08-10T00:11:35.916-07:00</updated><title type='text'>Nigerian Scammer tales</title><summary 
type='text'>Here is an article that describes what it is like to be a Nigerian scammer.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112365749637832613/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112365749637832613' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112365749637832613'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112365749637832613'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/nigerian-scammer-tales.html' title='Nigerian Scammer tales'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112308192081082465</id><published>2005-08-03T08:07:00.000-07:00</published><updated>2005-08-03T08:14:55.600-07:00</updated><title type='text'>Hacking an elevator</title><summary type='text'>This is a fun hack posted on TheDamnBlog that shows how to hack an elevator to go directly to your floor without stopping anywhere in between. The designers of some elevators include a hidden feature that is very handy if you're in a hurry or it's a busy time in the building (like check-out time in a hotel). 
While some elevators require  a key, others can be put into "Express" mode by pressing the</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112308192081082465/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112308192081082465' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112308192081082465'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112308192081082465'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/08/hacking-elevator.html' title='Hacking an elevator'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112282404439168228</id><published>2005-07-31T08:30:00.000-07:00</published><updated>2005-07-31T08:34:04.393-07:00</updated><title type='text'>Airlink AR315W - update</title><summary type='text'>After spending an hour with the Verizon support guy, I was able to get the Airlink AR315W router to work. But now after 3 hours of use it is completely dead, void of any life. 
I am buying a Netgear now.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112282404439168228/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112282404439168228' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112282404439168228'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112282404439168228'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/airlink-ar315w-update.html' title='Airlink AR315W - update'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112282381109587602</id><published>2005-07-31T08:24:00.000-07:00</published><updated>2005-07-31T08:30:11.103-07:00</updated><title type='text'>Using infrared to hack a hotel</title><summary type='text'>Here is an article on how Adam Laurie, technical director of the security and networking firm The Bunker, used infrared to hack a hotel's network to watch premium content for free, to see other guests' bills and to control various things like the minibar. Hotel TV systems are the most serious target from a privacy standpoint because they are connected to databases that contain information about </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112282381109587602/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112282381109587602' title='0 Comments'/><link rel='edit' type='application/atom+xml' 
href='http://www.blogger.com/feeds/8289734/posts/default/112282381109587602'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112282381109587602'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/using-infrared-to-hack-hotel.html' title='Using infrared to hack a hotel'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112234447332158968</id><published>2005-07-25T19:01:00.000-07:00</published><updated>2005-07-25T19:23:39.373-07:00</updated><title type='text'>SSL handshake process</title><summary type='text'>When a client (could be a PC browser) first talks to a website over SSL (Eg. eBay), they perform a process known as handshake. Here is what happens:   Client sends in a ClientHello message with the version number of SSL the browser uses and the ciphers and data compression methods it supports.   Server acknowledges with a ServerHello message. 
This message contains a session ID and the ciphers and</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112234447332158968/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112234447332158968' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112234447332158968'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112234447332158968'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/ssl-handshake-process.html' title='SSL handshake process'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112218640885933366</id><published>2005-07-23T23:13:00.000-07:00</published><updated>2005-07-23T23:26:48.866-07:00</updated><title type='text'>Airlink AR315W router sucks</title><summary type='text'>I spent around 2-3 hours trying to install this Airlink AR315W router, but couldn't get it to connect with my Verizon DSL. Googling or Yoddling (searching on Yahoo) didn't help much either. All the links that came back are from link farms which are filled with Google ads. No luck :( I tried both PPPoE as well as Direct connect options, but they always came back with "No connection". 
In my older </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112218640885933366/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112218640885933366' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112218640885933366'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112218640885933366'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/airlink-ar315w-router-sucks.html' title='Airlink AR315W router sucks'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112207892916077692</id><published>2005-07-22T17:31:00.000-07:00</published><updated>2005-07-22T17:35:29.170-07:00</updated><title type='text'>Gentoo installed finally</title><summary type='text'>I was able to install Gentoo finally on my server. No issues whatsoever now. Even the network card is up and running. Seems that it needed "tulip" in the list of modules to be loaded at startup. Now how would a user figure that out? One word answer: Community. Just do a search on the net for your issues and most likely you will see someone take the pains to explain a solution. 
Now comes the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112207892916077692/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112207892916077692' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112207892916077692'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112207892916077692'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/gentoo-installed-finally.html' title='Gentoo installed finally'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112185001510495476</id><published>2005-07-20T01:58:00.000-07:00</published><updated>2005-07-20T02:00:15.110-07:00</updated><title type='text'>Finally installed Gentoo</title><summary type='text'>Man won over machine. Gentoo installed. The only part left to debug is why the eth0 interface doesn't get configured and loaded. Phew! 
Goodnight.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112185001510495476/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112185001510495476' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112185001510495476'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112185001510495476'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/finally-installed-gentoo.html' title='Finally installed Gentoo'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112184646532452781</id><published>2005-07-20T01:00:00.000-07:00</published><updated>2005-07-20T01:01:05.336-07:00</updated><title type='text'>Protocol layering</title><summary type='text'>Application layer: BGP, FTP, HTTP, HTTPS, IMAP, IRC, NNTP, POP3, RTP, SIP, SMTP, SNMP, SSH, SSL, Telnet, UUCP, ...
Transport layer: DCCP, OSPF, SCTP, TCP, UDP, ...
Network layer: IPv4, IPv6, ICMP, ARP, IGMP, ...
Data link layer: Ethernet, Wi-Fi, Token ring, FDDI, PPP, ...
Physical layer: RS-232, EIA-422, RS-449, EIA-485, ...
</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112184646532452781/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112184646532452781' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112184646532452781'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112184646532452781'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/protocol-layering.html' title='Protocol layering'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112184388702253782</id><published>2005-07-20T00:15:00.000-07:00</published><updated>2005-07-20T00:18:07.026-07:00</updated><title type='text'>Gentoo, et tu?</title><summary type='text'>It's 12.15 AM as I am writing this entry. This has been my 3rd attempt at getting Gentoo to install. I got all the way through, till about the genkernel part, and once genkernel completes, I don't see the /boot/initrd directory (or file) being created. Now that's the frustrating part. Did a quick Google search and nothing noteworthy came up!!! I thought I had found nirvana in Gentoo.. 
but seems </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112184388702253782/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112184388702253782' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112184388702253782'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112184388702253782'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/gentoo-et-tu.html' title='Gentoo, et tu?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112182798280937472</id><published>2005-07-19T19:42:00.000-07:00</published><updated>2005-07-19T19:57:54.150-07:00</updated><title type='text'>Airlink wifi router with WPA for cheap</title><summary type='text'>I just ordered the Airlink AR315W wifi router + the USB adapter for my desktop. The router was selling for $19.99 and the USB adapter for $14.99 on Fry's Outpost. I did a Google search on the adapter and didn't see any horror stories, so went ahead and ordered it. As far as I can tell, it's a great deal and would give you WPA protection besides faster speed with 802.11g (54 Mbps) than 802.11b. 
</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112182798280937472/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112182798280937472' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112182798280937472'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112182798280937472'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/airlink-wifi-router-with-wpa-for-cheap.html' title='Airlink wifi router with WPA for cheap'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112180261938932483</id><published>2005-07-19T12:44:00.000-07:00</published><updated>2005-07-19T12:50:19.396-07:00</updated><title type='text'>Greasemonkey RIP, atleast for now</title><summary type='text'>There was a serious security flaw discovered in Greasemonkey. Check it out here. Although I haven't read the entire email thread myself, the bottom line is: uninstall Greasemonkey for now. I guess this all started out when Joe Gregorio wrote an article on XML.com about putting his private key in the Greasemonkey script to decrypt secure content. 
So one thing to keep in mind is not to jump on</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112180261938932483/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112180261938932483' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112180261938932483'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112180261938932483'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/greasemonkey-rip-atleast-for-now.html' title='Greasemonkey RIP, atleast for now'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112173954452339887</id><published>2005-07-18T19:07:00.000-07:00</published><updated>2005-07-18T19:19:04.530-07:00</updated><title type='text'>What is a Honeypot</title><summary type='text'>Other than the fact that Winnie the Pooh likes to drink honey out of a honey pot, a honeypot in the security world refers to a computer that is set up as a trap for hackers/crackers. It is a computer that is attached to a network with the aim of recording the techniques that hackers use to gain unauthorized entry into a network. It acts as a decoy. 
Honeypots are designed to capture any activity that </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112173954452339887/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112173954452339887' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112173954452339887'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112173954452339887'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/what-is-honeypot.html' title='What is a Honeypot'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112152929469751240</id><published>2005-07-16T08:43:00.000-07:00</published><updated>2005-07-16T08:54:54.733-07:00</updated><title type='text'>Gentoo on my server - II</title><summary type='text'>So I tried installing Gentoo over a period of 10 days. Yeah! I just performed a step or two each day for about 10 days. Now when I boot up that machine, I am not able to login to my gentoo server. I am sure, I must have missed a step or something. Ouch. 
So, I'll need to sit down and do the installation all the way from start to finish in one shot. Expect the posting to be light until I get Gentoo </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112152929469751240/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112152929469751240' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112152929469751240'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112152929469751240'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/gentoo-on-my-server-ii.html' title='Gentoo on my server - II'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112152854580929012</id><published>2005-07-16T08:35:00.000-07:00</published><updated>2005-07-16T08:42:25.860-07:00</updated><title type='text'>Most spam contains a virus</title><summary type='text'>I've noticed that for about the past 6 months, most of the spam that I receive also contains a virus or a known exploit. This is just to warn you guys: don't even consider opening an email that you suspect to be spam. 
It might contain a virus and/or exploit which might do funny things with your computer even without your knowledge.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112152854580929012/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112152854580929012' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112152854580929012'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112152854580929012'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/most-spam-contains-virus.html' title='Most spam contains a virus'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112109089503046964</id><published>2005-07-11T07:05:00.000-07:00</published><updated>2005-07-11T07:08:15.036-07:00</updated><title type='text'>kedrosky.com snapped up by domain squatters?</title><summary type='text'>Looks like Paul Kedrosky's domain kedrosky.com has been snapped up by domain squatters. I did a whois lookup and it seems that he let it expire. 
Ouch!
Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: kedrosky.com
  Created on..............: 09 Jul 2001 10:00:00
  Expires on..............: 09 Jul 2005 13:05:11
Registrant Info</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112109089503046964/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112109089503046964' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112109089503046964'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112109089503046964'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/kedroskycom-snapped-up-by-domain.html' title='kedrosky.com snapped up by domain squatters?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112105987524331280</id><published>2005-07-10T22:22:00.000-07:00</published><updated>2005-07-10T22:31:15.250-07:00</updated><title type='text'>Gentoo on my new server</title><summary type='text'>About a month ago, I bought a second hand server from craigslist. Nothing fancy, just a dual proc 1 GHz box with 1 GB RAM and other usual stuff. Last week I tried to install Fedora RC 4 onto it. But right after the installation, when the OS tried to boot for the first time, it would hang midway. Both the keyboard and the mouse would freeze. 
I tried reinstalling Fedora a couple of times before </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112105987524331280/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112105987524331280' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112105987524331280'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112105987524331280'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/gentoo-on-my-new-server.html' title='Gentoo on my new server'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112095333433040121</id><published>2005-07-09T16:44:00.000-07:00</published><updated>2005-07-09T16:55:34.336-07:00</updated><title type='text'>Useful netstat command for windows</title><summary type='text'>So let's say you are on a Windows machine and want to know which ports are open and which executable created and/or is listening on each port. Well, here is one command that can display it all:
netstat -b -v -o -n -a
Here is what the options mean:
-b : Displays the executable involved in creating each connection or listening port.
-v : When used in conjunction with -b,  will display sequence of </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112095333433040121/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112095333433040121' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112095333433040121'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112095333433040121'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/useful-netstat-command-for-windows.html' title='Useful netstat command for windows'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112080139284991288</id><published>2005-07-07T22:42:00.000-07:00</published><updated>2005-07-07T22:43:12.853-07:00</updated><title type='text'>Setting up Apache webserver as a reverse proxy</title><summary type='text'>The apache webserver can be setup as a reverse proxy. A reverse proxy helps with inbound requests. When a client makes a request to your site, the request goes to the proxy server. The proxy server then sends the client's request through a specific passage in the firewall to the content server. The content server passes the result through the passage back to the proxy. 
The proxy sends the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112080139284991288/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112080139284991288' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112080139284991288'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112080139284991288'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/setting-up-apache-webserver-as-reverse.html' title='Setting up Apache webserver as a reverse proxy'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112071289059893639</id><published>2005-07-06T22:06:00.000-07:00</published><updated>2005-07-06T22:08:10.603-07:00</updated><title type='text'>Google map hacks</title><summary type='text'>This site explains it all, in a step by step format.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112071289059893639/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112071289059893639' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112071289059893639'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112071289059893639'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/google-map-hacks.html' title='Google map 
hacks'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112063095173203994</id><published>2005-07-05T23:07:00.000-07:00</published><updated>2005-07-05T23:23:31.363-07:00</updated><title type='text'>Bypassing mail attachment blocking filters</title><summary type='text'>In most of the corporate networks, these days, they dont allow you to mail executable files like .exe, .scr, .dll etc. The mail filter on the server is going to detect that you tried to send out an executable and bounces back the mail in your inbox. Sometimes zipping up the file before attaching it to the email does the trick. But these days the mail filters are getting smarter and can look </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112063095173203994/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112063095173203994' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112063095173203994'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112063095173203994'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/07/bypassing-mail-attachment-blocking.html' title='Bypassing mail attachment blocking filters'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-112015480521663095</id><published>2005-06-30T10:57:00.000-07:00</published><updated>2005-06-30T11:06:45.243-07:00</updated><title type='text'>Why do we need mailing lists in the age of RSS?</title><summary type='text'>Paul Kedrosky received a phishing email that asked him to click through and unsubscribe from a magazine's mailing list. In this age of RSS feeds, why can't the banks and similar institutions start generating RSS feeds and have people subscribe to them? There is no sign-up or sign-out process. The very act of subscribing to a feed becomes the sign-up process. For any update or marketing material </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/112015480521663095/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=112015480521663095' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112015480521663095'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/112015480521663095'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/why-do-we-need-mailing-lists-in-age-of.html' title='Why do we need mailing lists in the age of RSS?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111993794327847282</id><published>2005-06-28T07:02:00.000-07:00</published><updated>2005-06-28T07:31:48.673-07:00</updated><title type='text'>Understanding email headers</title><summary 
type='text'>Every email that you receive contains some header data along with the viewable message. Most email clients, whether online clients like Yahoo or desktop ones like Outlook, hide this header information. The headers usually make little sense to the average Joe. But, if you are interested and want to dig deeper, the headers reveal some nice nuggets of information. First, let's talk about </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111993794327847282/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111993794327847282' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111993794327847282'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111993794327847282'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/understanding-email-headers.html' title='Understanding email headers'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111973071371417677</id><published>2005-06-25T13:14:00.000-07:00</published><updated>2005-06-25T13:27:01.486-07:00</updated><title type='text'>Finding who what where from an IP address</title><summary type='text'>If you have access to your webserver log files, you might find various IP addresses listed in there. These are the people who visit your sites. How do you find out who these IP addresses belong to? What geographic location are they coming from? Well, there is an easy way. 
Check out this site: http://www.dnsstuff.com/ The dnsstuff site has a lot of tools that can assist in finding out more about your </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111973071371417677/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111973071371417677' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111973071371417677'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111973071371417677'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/finding-who-what-where-from-ip-address.html' title='Finding who what where from an IP address'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111972000182867222</id><published>2005-06-25T10:17:00.000-07:00</published><updated>2005-06-25T13:27:56.006-07:00</updated><title type='text'>Login using your fingerprints</title><summary type='text'>Yesterday evening I went to Costco for some shopping. As usual, I do go around the computer/electronics aisle just to check out what things they are selling. I saw this Microsoft Fingerprinting device that they were selling for under 40 bucks. Now that is pretty affordable, considering the amount of security you are going to get. 
It might not appeal to desktop users, but I'd recommend this device</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111972000182867222/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111972000182867222' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111972000182867222'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111972000182867222'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/login-using-your-fingerprints.html' title='Login using your fingerprints'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111937295071356490</id><published>2005-06-21T09:55:00.000-07:00</published><updated>2005-06-21T09:55:50.720-07:00</updated><title type='text'>Foobar Search Alerts update</title><summary type='text'>I've been very busy working on an update to the FooBar Search Alerts (FSA) service. Finally, this past weekend, I released an update to the service. Now FSA supports monitoring of RSS/Atom feeds. You can create an alert for a feed that you want to monitor for certain keywords. Whenever your keywords appear in the feed, you will receive an email containing the link to the new postings. 
So, let's </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111937295071356490/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111937295071356490' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111937295071356490'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111937295071356490'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/foobar-search-alerts-update.html' title='Foobar Search Alerts update'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111869346618695669</id><published>2005-06-13T13:06:00.000-07:00</published><updated>2005-06-13T13:11:06.193-07:00</updated><title type='text'>Tips for exporting contacts</title><summary type='text'>Ever felt the need to export your contacts information from various web services like:
    * Microsoft Office Outlook
    * Outlook Express
    * MSN Hotmail
    * Google Gmail
    * Yahoo
    * .Mac Mail
Check out this page; it lists the steps through which you can export your "contacts" from all the services listed above.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111869346618695669/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111869346618695669' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111869346618695669'/><link rel='self' 
type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111869346618695669'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/tips-for-exporting-contacts.html' title='Tips for exporting contacts'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111845545802699613</id><published>2005-06-10T18:57:00.000-07:00</published><updated>2005-06-10T19:04:18.033-07:00</updated><title type='text'>Hat trick</title><summary type='text'>Black hat hackers: A black hat is a skilled hacker who uses his or her ability to pursue their interests illegally. They are often economically motivated, or may be representing a political cause. The term comes from old Western movies where heroes typically wore white or light-colored hats and outfits, and the villains wore black outfits with black hats.
Grey hat hackers: A grey hat is a skilled hacker</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111845545802699613/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111845545802699613' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111845545802699613'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111845545802699613'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/hat-trick.html' title='Hat trick'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111841725541596188</id><published>2005-06-10T08:20:00.000-07:00</published><updated>2005-06-10T08:27:35.420-07:00</updated><title type='text'>HTTP Request Smuggling</title><summary type='text'>There is a whitepaper out on Watchfire that describes what HTTP Request Smuggling is. Here is the executive summary from their whitepaper: HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices/entities (e.g. cache server, proxy server, web application firewall, etc.) are in the data flow between the user and the web server. HTTP Request </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111841725541596188/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111841725541596188' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111841725541596188'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111841725541596188'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/http-request-smuggling.html' title='HTTP Request Smuggling'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111826457730855390</id><published>2005-06-08T13:57:00.000-07:00</published><updated>2005-06-08T14:03:52.196-07:00</updated><title type='text'>Cracking WEP in 10 minutes</title><summary type='text'>Here is a screencast video presentation that shows how to break a WEP 
key in 10 minutes using Whoppix. Need more proof that WEP is insecure? What is Whoppix? Whoppix is a standalone penetration testing live CD based on Knoppix. With the latest tools and exploits, it is a must for every penetration tester and security auditor. Whoppix includes several exploit archives, such as Securityfocus, </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111826457730855390/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111826457730855390' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111826457730855390'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111826457730855390'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/cracking-wep-in-10-minutes.html' title='Cracking WEP in 10 minutes'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111811056962683006</id><published>2005-06-06T19:11:00.000-07:00</published><updated>2005-06-06T19:16:09.643-07:00</updated><title type='text'>Building your own Linux distribution</title><summary type='text'>In case you are the hacker type and want to create your own distribution, this article from IBM's website provides a good starting point. Here is another nice primer titled Linux from Scratch: A Tour. 
Here is a Linux from Scratch FAQ.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111811056962683006/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111811056962683006' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111811056962683006'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111811056962683006'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/building-your-own-linux-distribution.html' title='Building your own Linux distribution'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111781167621668326</id><published>2005-06-03T08:05:00.000-07:00</published><updated>2005-06-03T08:14:36.223-07:00</updated><title type='text'>Are online Web tours an invitation to burglars?</title><summary type='text'>David Lazarus (SFGate) writes on how Web tours are a boon for burglars. Virtual tours are commonplace at most real estate Web sites, allowing prospective buyers to closely inspect a property from the privacy of their PCs. Try it yourself. Go to Realtor.com, the leading real estate Web site, and plug in a ZIP code. 
(I experimented with 94121 for San Francisco's tony Sea Cliff neighborhood and </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111781167621668326/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111781167621668326' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111781167621668326'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111781167621668326'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/are-online-web-tours-invitation-to.html' title='Are online Web tours an invitation to burglars?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111776514080740154</id><published>2005-06-02T19:12:00.000-07:00</published><updated>2005-06-02T19:19:00.816-07:00</updated><title type='text'>OpenVPN - your free VPN solution</title><summary type='text'>For folks who are on the road most of the time, or even if you use your local Starbucks to surf through their WiFi network, you can use OpenVPN. OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111776514080740154/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111776514080740154' 
title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111776514080740154'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111776514080740154'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/openvpn-your-free-vpn-solution.html' title='OpenVPN - your free VPN solution'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111774077214407764</id><published>2005-06-02T11:49:00.000-07:00</published><updated>2005-06-02T12:32:52.193-07:00</updated><title type='text'>Download and save MMS streams</title><summary type='text'>MMS streams are multimedia broadcast streams that you can usually play in your Windows Media Player or even in WinAmp. There was no easy way to download and save them to play back later. Here are two utilities that you can use to save MMS streams. Have fun! gmms is a simple MMS-stream downloader based on mmsclient that works on both Windows® and Linux.  
MMS-streams are multimedia streams </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111774077214407764/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111774077214407764' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111774077214407764'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111774077214407764'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/download-and-save-mms-streams.html' title='Download and save MMS streams'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111769171734513786</id><published>2005-06-01T22:43:00.000-07:00</published><updated>2005-06-01T23:10:12.083-07:00</updated><title type='text'>Secure browser</title><summary type='text'>Om Malik writes about a Harris Interactive poll: Of the 2,800 regular Internet users quizzed by Harris, a significant number (49 percent) did not believe that browser choice is a key factor in protecting their computers from malicious software attacks: 17 percent thought it had no effect and 32 percent admitted they don't know whether the choice of browser makes a difference. 
Most participants </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111769171734513786/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111769171734513786' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111769171734513786'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111769171734513786'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/secure-browser.html' title='Secure browser'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111767959039452973</id><published>2005-06-01T19:15:00.000-07:00</published><updated>2005-06-01T19:43:39.380-07:00</updated><title type='text'>Protecting your WiFi network using WPA2</title><summary type='text'>Here is an article on ZDNet by George Ou stating the six dumbest ways to protect your WiFi network. MAC filtering. SSID hiding. LEAP authentication. Disabling DHCP. Interior antenna placement and low power. Limiting your use to 802.11a or Bluetooth. Obviously, using WEP to secure your WiFi doesn't even make it to his list. As I had mentioned earlier, it takes just minutes to break a WEP key. 
Check out </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111767959039452973/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111767959039452973' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111767959039452973'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111767959039452973'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/protecting-your-wifi-network-using.html' title='Protecting your WiFi network using WPA2'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111765693690019190</id><published>2005-06-01T13:13:00.000-07:00</published><updated>2005-06-01T13:15:36.903-07:00</updated><title type='text'>Lull before the storm</title><summary type='text'>I was visiting family and friends in California during the long weekend and so had a lull in the postings here. Now that I am back, I am going to resume my posting with full force. 
Woot!</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111765693690019190/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111765693690019190' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111765693690019190'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111765693690019190'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/06/lull-before-storm.html' title='Lull before the storm'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111695928737807629</id><published>2005-05-24T11:17:00.000-07:00</published><updated>2005-05-24T11:28:57.946-07:00</updated><title type='text'>Project Honeynet reveals how phishing attacks are carried out</title><summary type='text'>CircleID reports on how project Honeynet has revealed how phishers build and use their infrastructure to carry out phishing attacks. 
Here is the paper: Know your enemy that details the complete study. Here is one of my earlier entries describing what Phishing is.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111695928737807629/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111695928737807629' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111695928737807629'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111695928737807629'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/project-honeynet-reveals-how-phishing.html' title='Project Honeynet reveals how phishing attacks are carried out'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111673309976091695</id><published>2005-05-21T20:25:00.000-07:00</published><updated>2005-05-21T20:38:19.776-07:00</updated><title type='text'>See I.D.</title><summary type='text'>While standing at the checkout lane this afternoon, I noticed that the cashier refused to accept the credit card from the guy who was standing ahead of me. He had not signed the back of his credit card yet. Instead, he had written "See I.D." on the little white stripey thingy on the back of the card. 
The intention being, I presume, that the cashier/checkout guy would ask for an ID and as the ID </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111673309976091695/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111673309976091695' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111673309976091695'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111673309976091695'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/see-id.html' title='See I.D.'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111648398387122792</id><published>2005-05-18T23:03:00.000-07:00</published><updated>2005-05-18T23:26:23.876-07:00</updated><title type='text'>How to crack WiFi networks that use WEP</title><summary type='text'>Check out a two part article on Tom's networking that gives a detailed how-to on breaking WEP keys - Part-I and Part-II. These articles don't just talk fluff; they lead you through the steps needed to break the WEP keys. 
It took them less than 5 minutes to break a 64-bit WEP key, which includes the time to scan using airodump, crack with aircrack and simulate traffic. At an ISSA (Information</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111648398387122792/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111648398387122792' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111648398387122792'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111648398387122792'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/how-to-crack-wifi-networks-that-use.html' title='How to crack WiFi networks that use WEP'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111646243603046092</id><published>2005-05-18T17:21:00.000-07:00</published><updated>2005-05-18T18:54:02.683-07:00</updated><title type='text'>Securing Web-application state stored on the client-side</title><summary type='text'>In a typical J2EE application there are various ways of storing session state, which include client-side cookies, the HttpSession object, database, an EJB, or even the POJO. Another place you can store the application state, in an encrypted form, is in the HTML page itself. Interesting read. 
Check it out here and here. According to the article, these are the pros and the cons of storing the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111646243603046092/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111646243603046092' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111646243603046092'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111646243603046092'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/securing-web-application-state-stored.html' title='Securing Web-application state stored on the client-side'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111637716599454574</id><published>2005-05-17T17:33:00.000-07:00</published><updated>2005-06-01T22:37:30.693-07:00</updated><title type='text'>Why is data on laptops not encrypted</title><summary type='text'>So laptops get stolen all the time. Some are stolen from cars, some from apartments/homes etc. With the laptop storage increasing, we tend to store all kinds of stuff on it. If the laptop is gone so is all the data that resides on it. 
Why isn't the data on a laptop stored in an encrypted state, so that even if the laptop is stolen, the thief, or whoever bought it from the thief, has no way to </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111637716599454574/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111637716599454574' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111637716599454574'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111637716599454574'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/why-is-data-on-laptops-not-encrypted.html' title='Why is data on laptops not encrypted'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111629064621802589</id><published>2005-05-16T17:35:00.000-07:00</published><updated>2005-05-16T19:44:31.783-07:00</updated><title type='text'>How to request a server SSL certificate</title><summary type='text'>Let's say you need to order a server-side SSL certificate from Verisign or Thawte or some other Certification Authority (CA). Here is how you can use Java's in-built keytool to create a CSR, request a certificate and then import it into the keystore database: Create your key. Always use the full state name, no abbreviations. CN (Common name) should be the domain of your site. 
This will also create a </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111629064621802589/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111629064621802589' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111629064621802589'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111629064621802589'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/how-to-request-server-ssl-certificate.html' title='How to request a server SSL certificate'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111579032272970984</id><published>2005-05-10T21:51:00.000-07:00</published><updated>2005-05-11T11:52:02.386-07:00</updated><title type='text'>Password generator for a simple Single Sign-on solution</title><summary type='text'>Per my previous rant about how yucky passwords are, here is something that shows how to have a unique password for every site/service that you have signed up for without remembering it like Shakuntala Devi or writing it down on a post-it under your keyboard. The concept is simple, but brilliant and effective. You create a personal master password. 
I recommend creating it with all the standard </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111579032272970984/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111579032272970984' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111579032272970984'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111579032272970984'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/password-generator-for-simple-single.html' title='Password generator for a simple Single Sign-on solution'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111569104938711874</id><published>2005-05-09T18:55:00.000-07:00</published><updated>2005-05-09T21:09:06.423-07:00</updated><title type='text'>Identity Theft</title><summary type='text'>While waiting at the DMV for my wife's written test to complete, I picked up one of the leaflets they had put in there along with a bunch of other stuff. The leaflet was about how to avoid identity theft and what to do in case you became a victim of identity theft. 
Here is what it stated: How to avoid becoming an Identity Theft victim:   Do not give your Social Security number, mother's maiden name</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111569104938711874/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111569104938711874' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111569104938711874'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111569104938711874'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/identity-theft.html' title='Identity Theft'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111549344258119734</id><published>2005-05-07T11:42:00.000-07:00</published><updated>2005-05-09T21:10:10.353-07:00</updated><title type='text'>Passwords are passe</title><summary type='text'>So when was the last time you changed your password? Maybe the company you work for requires you to change your work password every 60 or 90 days or something like that. They might have stricter rules about not reusing any of the previous 5-6 passwords or how they have to be alphanumeric with a special character blah blah. But how about your personal passwords? Let's say your Hotmail password. 
Did</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111549344258119734/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111549344258119734' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111549344258119734'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111549344258119734'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/passwords-are-passe.html' title='Passwords are passe'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111534651943101759</id><published>2005-05-05T19:05:00.000-07:00</published><updated>2005-05-05T19:32:41.886-07:00</updated><title type='text'>Mitigating a DOS attack</title><summary type='text'>A few days ago, I had written about what a DOS attack is. DOS attacks are usually targeted at ISPs or websites of large corporations. Home users might be affected by a DOS attack in that, if their ISP is attacked, they might face connectivity issues. As a home user, you don't have too many options. 
But as a sys-admin in charge of a large corporation's website or if you are working for </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111534651943101759/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111534651943101759' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111534651943101759'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111534651943101759'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/mitigating-dos-attack.html' title='Mitigating a DOS attack'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111490037090303860</id><published>2005-05-01T11:10:00.000-07:00</published><updated>2005-05-01T11:15:22.340-07:00</updated><title type='text'>SSL - a false sense of security</title><summary type='text'>SSL is used to encrypt transmission of data between a browser and a webserver. So if a website out there uses SSL to encrypt sensitive information then everything is secure and perfect and nobody needs to worry about anything. Right? Well no. SSL works only at the transport layer. Let me explain. What SSL can do is protect data exchanged between a browser and a server. 
What it cannot do is </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111490037090303860/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111490037090303860' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111490037090303860'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111490037090303860'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/05/ssl-false-sense-of-security.html' title='SSL - a false sense of security'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111475953056889196</id><published>2005-04-29T00:12:00.000-07:00</published><updated>2005-04-29T10:09:16.910-07:00</updated><title type='text'>Fuzzing</title><summary type='text'>I attended OWASP's local chapter meeting for a presentation on Web Services Security. It was during the presentation that I learnt a new word: fuzzing. According to SPI Dynamics' website: "Fuzzing" is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. 
For example, when </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111475953056889196/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111475953056889196' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111475953056889196'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111475953056889196'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/fuzzing.html' title='Fuzzing'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111464611386212454</id><published>2005-04-27T16:50:00.000-07:00</published><updated>2005-04-27T22:31:29.746-07:00</updated><title type='text'>Authentication and encryption</title><summary type='text'>Authentication is a mechanism to verify the identity of the person or server you are communicating with. For example, when you log into your email account, you are challenged to provide your username and password to verify your identity. This is an example of one-way authentication. Authentication mechanisms can vary. 
You can use passwords, server side certificates (like the ones issued by Verisign </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111464611386212454/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111464611386212454' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111464611386212454'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111464611386212454'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/authentication-and-encryption.html' title='Authentication and encryption'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111433336228661078</id><published>2005-04-24T01:36:00.000-07:00</published><updated>2005-04-24T02:05:03.553-07:00</updated><title type='text'>Using SSH to reduce connectivity overhead between servers</title><summary type='text'>Let's say that a server hosted in one datacenter needs to connect with a server located in some other datacenter. 
For example, your application hosted in your own datacenter needs to send out SMS messages and so it might connect to the carrier's gateway in their datacenter. Usually, when you have this kind of connectivity requirement, you would use SSL encryption between servers to prevent data </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111433336228661078/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111433336228661078' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111433336228661078'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111433336228661078'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/using-ssh-to-reduce-connectivity.html' title='Using SSH to reduce connectivity overhead between servers'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111415005769159166</id><published>2005-04-21T22:46:00.000-07:00</published><updated>2005-04-21T23:11:38.480-07:00</updated><title type='text'>What is a Denial of Service attack?</title><summary type='text'>A Denial of Service (DoS) attack happens when the users of a particular service (or a website) are unable to access or use that service because of an attack on that service. Let's say an attacker floods a particular website with so many requests at once, that the site is unable to serve its regular users. 
The server is so busy trying to keep up with the numerous requests (let's say about 5000 </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111415005769159166/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111415005769159166' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111415005769159166'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111415005769159166'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/what-is-denial-of-service-attack.html' title='What is a Denial of Service attack?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111388918727231877</id><published>2005-04-18T22:31:00.000-07:00</published><updated>2005-04-18T22:39:47.273-07:00</updated><title type='text'>Been busy</title><summary type='text'>Lately, I've been extremely busy working on my FooBar Search Alert, which is now in the beta release. Hence, the delay in posting on this blog. I am working on writing an entry explaining what a Denial of Service (DoS, DDoS) attack is. Also, writing up something on SSH and its various uses. 
I'll be posting the DoS entry before the weekend. Thanks for your patience.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111388918727231877/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111388918727231877' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111388918727231877'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111388918727231877'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/been-busy.html' title='Been busy'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111310446481170318</id><published>2005-04-09T20:10:00.000-07:00</published><updated>2005-04-09T20:43:55.190-07:00</updated><title type='text'>Grabbing script source files from a server</title><summary type='text'>Let's say you go to a site and see that it is run by some scripting language like PHP, Perl, ASP etc. Now, whenever you make a request to that site through your browser, the webserver is going to execute the script for which the request was made and send you back the results (not the script source file). Simple enough. Now let's see how you can grab the source files from that site. 
So, let's assume </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111310446481170318/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111310446481170318' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111310446481170318'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111310446481170318'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/grabbing-script-source-files-from.html' title='Grabbing script source files from a server'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111297851184656357</id><published>2005-04-08T09:11:00.000-07:00</published><updated>2005-04-08T15:27:37.883-07:00</updated><title type='text'>Beware of scamsters on Craigslist</title><summary type='text'>Yesterday evening, I posted an ad on Craigslist to sell my 15 inch LCD monitor. This morning I received an interesting response to my ad. Something about the response didn't seem right. Remember, if it is too good to be true, there is a rat hiding somewhere. Firstly, this guy promises to buy my monitor right away, without any questions. Secondly, the whole Western Union thing got me thinking. 
btw, </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111297851184656357/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111297851184656357' title='7 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111297851184656357'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111297851184656357'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/beware-of-scamsters-on-craigslist.html' title='Beware of scamsters on Craigslist'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>7</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111283165030098202</id><published>2005-04-06T16:51:00.000-07:00</published><updated>2005-04-06T17:01:48.260-07:00</updated><title type='text'>Why has my spam gone down suddenly?</title><summary type='text'>Seems that for the past 4-5 days, I have been getting virtually no spam (except for an odd email). I made no changes either to my mailbox or to the mailserver settings. I do get all my other emails. Why did the spam machines go quiet? Not that I am complaining, but it makes me wonder what happened? Has this something to do with Microsoft filing lawsuits against 118 phishing sites? Donno. 
Is it </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111283165030098202/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111283165030098202' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111283165030098202'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111283165030098202'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/why-has-my-spam-gone-down-suddenly.html' title='Why has my spam gone down suddenly?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111275296900582355</id><published>2005-04-05T18:36:00.000-07:00</published><updated>2005-04-05T19:05:28.930-07:00</updated><title type='text'>Why is reporting phishing emails so difficult?</title><summary type='text'>The other day, I received an email that claimed that my credit card on file with eBay had expired and I would need to re-enter my account details. One glance at it and I knew it was a phishing email. I immediately went over to eBay's website, with the hope of letting them know about this incident. They have a "security center" link at the bottom of their home page. 
Once you click on the security </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111275296900582355/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111275296900582355' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111275296900582355'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111275296900582355'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/why-is-reporting-phishing-emails-so.html' title='Why is reporting phishing emails so difficult?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111251763298066556</id><published>2005-04-03T00:13:00.000-08:00</published><updated>2005-04-03T00:40:32.983-08:00</updated><title type='text'>Google hacks</title><summary type='text'>Have you ever typed in the following phrases in Google?   "Index of /admin"   "Index of /cgi-bin"   "passwd.txt"   "allinurl:/phpinfo.php"  Give it a shot. See what you end up with. These are called 'index hacks'. 
By the way, you can enter these phrases in just about any search engine.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111251763298066556/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111251763298066556' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111251763298066556'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111251763298066556'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/google-hacks.html' title='Google hacks'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111246446344514842</id><published>2005-04-02T09:34:00.000-08:00</published><updated>2005-04-02T09:54:23.446-08:00</updated><title type='text'>Essential things to have on every machine</title><summary type='text'>   Firefox.     A good antivirus. You could go with either of the market leaders, McAfee or Norton. If you are working with a Linux machine or don't want to go the open source way, then consider ClamAV.   Latest updates of the operating system. For Windows, it is Windows Service Pack 2 with a built-in firewall. Be sure to enable the auto-updates for the OS you are working with.     
Spybot - </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111246446344514842/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111246446344514842' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111246446344514842'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111246446344514842'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/04/essential-things-to-have-on-every.html' title='Essential things to have on every machine'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111233982474474246</id><published>2005-03-31T22:59:00.000-08:00</published><updated>2005-03-31T23:21:04.776-08:00</updated><title type='text'>An example of social engineering</title><summary type='text'>A marketing guy tries to cold call an important executive of a particular company. As soon as the executive sees the unrecognized number, he lets the call go to the voicemail. If you were the marketing guy, how would you social engineer your way to the executive? Now as you know, phone numbers in a company are always assigned in a particular series. 
I'd call up one of the other numbers in the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111233982474474246/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111233982474474246' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111233982474474246'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111233982474474246'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/example-of-social-engineering.html' title='An example of social engineering'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111216368114606377</id><published>2005-03-29T21:55:00.000-08:00</published><updated>2005-03-29T22:21:21.146-08:00</updated><title type='text'>Free opensource antivirus for your personal computer</title><summary type='text'>Do you have an antivirus installed on your personal computer? Is it up to date with the latest patches/updates? Did you renew your free subscription to the antivirus that came along free with your PC? I bet, over 50% of the average home users don't have an antivirus to protect them from all the evils lurking out there. 
Security is not the number one priority in their list (does it even make it to </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111216368114606377/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111216368114606377' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111216368114606377'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111216368114606377'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/free-opensource-antivirus-for-your.html' title='Free opensource antivirus for your personal computer'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111207774040343453</id><published>2005-03-28T22:12:00.000-08:00</published><updated>2005-03-28T22:29:00.410-08:00</updated><title type='text'>More on WiFi's "Evil Twin"...</title><summary type='text'>Expounding on what I had said earlier, if you set up a fake access point (AP) having the same SSID as that of the legitimate AP and transmit on the same channel as the original AP, you could potentially take over the user sessions. There is NO way to identify the legitimacy of an AP except for its SSID. 
This is true for APs that don't use WEP (or some variant). How difficult is it to find out the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111207774040343453/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111207774040343453' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111207774040343453'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111207774040343453'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/more-on-wifis-evil-twin.html' title='More on WiFi&apos;s &quot;Evil Twin&quot;...'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111197135740636505</id><published>2005-03-27T16:27:00.001-08:00</published><updated>2005-03-27T16:55:57.406-08:00</updated><title type='text'>Meet WiFi's "Evil Twin"</title><summary type='text'>Scenario #1: A hacker installs a fake access point near the real WiFi network. The hacker then sends a stronger RF signal basically disrupting the signal of the real access point. 
Users lose their connections to the legitimate AP and re-connect to the "evil twin", allowing the hacker to intercept all the traffic to that device. Scenario #2: A hacker could easily set up a fake login page that mimics the</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111197135740636505/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111197135740636505' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111197135740636505'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111197135740636505'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/meet-wifis-evil-twin.html' title='Meet WiFi&apos;s &quot;Evil Twin&quot;'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111165007030496881</id><published>2005-03-23T23:40:00.000-08:00</published><updated>2005-03-23T23:41:10.303-08:00</updated><title type='text'>Technorati profile</title><summary type='text'>Technorati Profile - ignore!</summary><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111165007030496881'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111165007030496881'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/technorati-profile.html' title='Technorati profile'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111164574704433970</id><published>2005-03-23T22:05:00.000-08:00</published><updated>2005-03-23T22:29:07.046-08:00</updated><title type='text'>URL spoofing - part I</title><summary type='text'>So a link shows up in your email, which looks like this: http://www.some_banks_homepage.com%01%00@fake_site.com/scammer.html Where do you think you will go if you clicked on the above link? Although I've made it obvious in the above URL, a lot of people would still say that it would go to "www.some_banks_homepage.com". If you said "fake_site.com", congratulate yourself because you have just passed </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111164574704433970/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111164574704433970' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111164574704433970'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111164574704433970'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/url-spoofing-part-i.html' title='URL spoofing - part I'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111147052777556209</id><published>2005-03-21T21:32:00.000-08:00</published><updated>2005-03-21T21:48:47.776-08:00</updated><title type='text'>War dialing</title><summary type='text'>War dialing is a technique that uses software to dial hundreds of telephone numbers, hoping to connect to a 
modem that would act as an entry point into a corporate network. Back in the old days, modems were kept connected to computers for communication purposes. Sometimes a cracker (a person who breaks into a computer system without authorization) would find out one of the telephone numbers of a</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111147052777556209/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111147052777556209' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111147052777556209'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111147052777556209'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/war-dialing.html' title='War dialing'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111102066482087810</id><published>2005-03-16T16:33:00.000-08:00</published><updated>2005-03-16T16:51:04.823-08:00</updated><title type='text'>Getting unstuck on an HTTP island...</title><summary type='text'>Sometimes while traveling, you come across a hotel network or a WiFi spot that has a restrictive firewall that only allows HTTP traffic to flow through. What if you wanted to check company email through IMAP/POP3 service? Are you stuck on an HTTP island? Well, no. Luckily there is a workaround. 
httptunnel (written by Lars Brinkhoff, license: GPL) creates a bi-directional virtual data connection, </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111102066482087810/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111102066482087810' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111102066482087810'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111102066482087810'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/getting-unstuck-on-http-island.html' title='Getting unstuck on an HTTP island...'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111078532156052859</id><published>2005-03-13T22:56:00.000-08:00</published><updated>2005-03-13T23:31:03.786-08:00</updated><title type='text'>Dont use FTP. It is insecure.</title><summary type='text'>FTP (File Transfer Protocol) is widely used for transferring files to and from servers. How FTP works: An FTP client connects to an FTP server (usually denoted by the ftp:// protocol), using a username and password. Once the user is connected, s/he can download or upload files depending upon the permissions set up by the server administrator. Why is it insecure? 
Like its HTTP cousin, the FTP </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111078532156052859/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111078532156052859' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111078532156052859'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111078532156052859'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/dont-use-ftp-it-is-insecure.html' title='Dont use FTP. It is insecure.'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111025926603120732</id><published>2005-03-07T21:03:00.001-08:00</published><updated>2005-03-07T21:21:06.033-08:00</updated><title type='text'>Open directory vulnerability</title><summary type='text'>"Having an open directory on your system is in fact an open invitation to hack". Let me explain. Last week, I was working on some UML stuff and wanted to try out an evaluation version of a top rated UML drawing software (I am not naming names, to protect the guilty). While waiting for the huge download to complete, I poked around their site to see what was going on behind the scenes. 
Once in a </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111025926603120732/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111025926603120732' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111025926603120732'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111025926603120732'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/open-directory-vulnerability_07.html' title='Open directory vulnerability'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-111014006308984016</id><published>2005-03-06T12:08:00.000-08:00</published><updated>2005-03-06T12:14:23.090-08:00</updated><title type='text'>Hacking target practice</title><summary type='text'>I ran into this site called Try2Hack. The site has various levels that you have to hack to move up to the next one (of course, playing by their rules). I reached all the way up to level 5, upon which they wanted me to download a VB file to proceed. I didn't go any further, because I would have needed the VB editor to hack into that file. Do check it out! 
Let me know up to what level you reached via </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/111014006308984016/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=111014006308984016' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111014006308984016'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/111014006308984016'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/hacking-target-practice.html' title='Hacking target practice'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110974707040402785</id><published>2005-03-01T22:52:00.000-08:00</published><updated>2005-03-01T23:04:30.433-08:00</updated><title type='text'>Getting back at a script kiddie</title><summary type='text'>This blog (besides a host of other things) is hosted on a server that I own and manage. Now time and again, I see various script kiddies or even crackers attempting to gain their way into my box. Some of them will try to exploit Windows IIS exploits (hey script kiddie.. if you do some OS fingerprinting, you'll know upfront that this is a Linux box). 
Some crackers try and brute force username/</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110974707040402785/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110974707040402785' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110974707040402785'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110974707040402785'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/03/getting-back-at-script-kiddie.html' title='Getting back at a script kiddie'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110965001873574202</id><published>2005-02-28T19:54:00.000-08:00</published><updated>2005-02-28T20:12:33.540-08:00</updated><title type='text'>Bypassing corporate VPN's</title><summary type='text'>This great tool called rinetd, the internet redirection server, comes in handy when you want to forward traffic on a particular TCP port to other machines (they might not even be on your network). It redirects TCP connections from one IP address and port to another. 
rinetd is a single-process server which handles any number of connections to the address/port pairs specified in the file /etc/</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110965001873574202/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110965001873574202' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110965001873574202'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110965001873574202'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/bypassing-corporate-vpns.html' title='Bypassing corporate VPN&apos;s'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110930692490448674</id><published>2005-02-24T20:43:00.000-08:00</published><updated>2005-02-24T20:48:44.906-08:00</updated><title type='text'>Mozilla Firefox 1.0.1 is now available</title><summary type='text'>Mozilla Firefox 1.0.1 is now available for download. Although the Options-&gt;Advanced-&gt;Check for Updates thing doesn't work yet (they are going to enable it in stages), you can go and directly download the browser. The installation is painless and smooth. Everything (favorites, preferences etc.) gets preserved. Here are the release notes. Have a safe browsing experience.
</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110930692490448674/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110930692490448674' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110930692490448674'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110930692490448674'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/mozilla-firefox-101-is-now-available.html' title='Mozilla Firefox 1.0.1 is now available'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110913624339933208</id><published>2005-02-22T21:17:00.000-08:00</published><updated>2005-02-22T21:27:11.890-08:00</updated><title type='text'>Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords</title><summary type='text'>Found on a Microsoft Help and Support page: Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords Yikes! What were they thinking when they coded this error message, huh? The user must've died of a shock, I'm guessing. 
Check out the page for yourself here.</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110913624339933208/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110913624339933208' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110913624339933208'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110913624339933208'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/your-password-must-be-at-least-18770.html' title='Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110887945139407258</id><published>2005-02-19T20:10:00.000-08:00</published><updated>2005-02-19T23:17:31.866-08:00</updated><title type='text'>Free long distance calls from your cellphone</title><summary type='text'>Here is how you can make free unlimited long distance calls through your cellphone by using a mix of VOIP and the cheapest mobile-to-mobile unlimited calling plan. This assumes that you already have a cellphone to begin with. 1. Buy a second mobile phone. A cheap or used phone would suffice. 2. Change your existing cellphone plan to the cheapest possible. 
Add option to make unlimited mobile to </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110887945139407258/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110887945139407258' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110887945139407258'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110887945139407258'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/free-long-distance-calls-from-your.html' title='Free long distance calls from your cellphone'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110869731759110162</id><published>2005-02-17T19:21:00.000-08:00</published><updated>2005-02-17T20:43:49.076-08:00</updated><title type='text'>Google maps hacking</title><summary type='text'>My random surfing led me to this GoogleMaps hack wiki. Apparently, it lists down hacks that can be performed with Google Maps like making the routes animated etc. 
Also, here is an online code beautifier: http://www.prettyprinter.de/</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110869731759110162/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110869731759110162' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110869731759110162'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110869731759110162'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/google-maps-hacking.html' title='Google maps hacking'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110861795896380527</id><published>2005-02-16T20:29:00.000-08:00</published><updated>2005-02-17T06:47:58.696-08:00</updated><title type='text'>Here is how Adware does site spoofing</title><summary type='text'>According to Wikipedia -  an Adware or advertising-supported software is any software application in which advertisements are displayed while the program is running.  Some of the worst Adware programs do something more drastic. They alter your PC's settings, so that whenever you try to go to site A, you will always end up in site B. 
Here is how this happens: When you enter a URL in the browser, a </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110861795896380527/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110861795896380527' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110861795896380527'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110861795896380527'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/here-is-how-adware-does-site-spoofing.html' title='Here is how Adware does site spoofing'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110827817385229624</id><published>2005-02-12T22:20:00.000-08:00</published><updated>2005-02-12T23:10:34.876-08:00</updated><title type='text'>Using FooBar Search Alerts to get notified about security related issues</title><summary type='text'>Disclosure: I conceptualized and wrote the FooBar Search Alerts service. It is free for personal non-commercial use. This is not a shameless plug. I use FooBar Search Alerts myself to keep up with security related stuff. First let me tell you a little about the FooBar Search Alerts (FSA) service. The concept is very simple. 
It allows you to monitor a certain webpage for certain keywords (any word </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110827817385229624/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110827817385229624' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110827817385229624'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110827817385229624'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/using-foobar-search-alerts-to-get.html' title='Using FooBar Search Alerts to get notified about security related issues'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110810069401050495</id><published>2005-02-10T21:35:00.000-08:00</published><updated>2005-02-10T21:44:54.010-08:00</updated><title type='text'>Vulnerability in Symantec antivirus</title><summary type='text'>Normally I don't like to post these vulnerability/security announcements because these days there are just too damn many of them. But as this has to do with the Symantec antivirus itself, I am posting it onto my blog. There was an issue in the Symantec antivirus that allowed a virus to execute while scanning it. 
The problem exists in how the scanning code handles a compression format known as the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110810069401050495/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110810069401050495' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110810069401050495'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110810069401050495'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/vulnerability-in-symantec-antivirus.html' title='Vulnerability in Symantec antivirus'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110800603770226981</id><published>2005-02-09T18:55:00.000-08:00</published><updated>2005-02-09T19:30:14.550-08:00</updated><title type='text'>Breaking CAPTCHA</title><summary type='text'>As a follow-up to my previous post explaining what a CAPTCHA is, this post is about breaking CAPTCHA. To break a CAPTCHA there are basically two options. Either come up with some fancy algorithm that does image analysis and character recognition or simply show the CAPTCHA to a human, and have him/her tell you what the mangled text in the CAPTCHA really is. 
It seems that spammers prefer the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110800603770226981/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110800603770226981' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110800603770226981'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110800603770226981'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/breaking-captcha.html' title='Breaking CAPTCHA'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110773226099612385</id><published>2005-02-06T14:39:00.000-08:00</published><updated>2005-02-06T15:28:51.986-08:00</updated><title type='text'>Awstats security hole - update</title><summary type='text'>There is another vulnerability found in AWStats (version 5.7 through 6.2), which allows remote command execution even if the AllowToUpdateStatsFromBrowser flag has been set to 0. This exploit causes arbitrary commands to be executed by using 'pluginmode'. 
Here is an example:http://yourserver/cgi-bin/awstats.pl?pluginmode=:system("/bin/ls"); Check out this code snippet that doesnt sanitize the </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110773226099612385/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110773226099612385' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110773226099612385'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110773226099612385'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/awstats-security-hole-update.html' title='Awstats security hole - update'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110748744212511303</id><published>2005-02-03T19:21:00.000-08:00</published><updated>2005-02-03T19:24:02.126-08:00</updated><title type='text'>Identity Theft quiz</title><summary type='text'>Take this quiz on Identity theft and find out your score. It is conducted by Better Business Bureau and Javelin Strategy &amp; Research. My score was 15. Note that a perfect score is 0 and the worst possible score is 100; a typical score is 38.
Have fun and if possible, do post back your results via the comments on this blog</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110748744212511303/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110748744212511303' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110748744212511303'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110748744212511303'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/identity-theft-quiz.html' title='Identity Theft quiz'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110739994100537060</id><published>2005-02-02T18:59:00.000-08:00</published><updated>2005-02-06T15:27:22.530-08:00</updated><title type='text'>Awstats security hole</title><summary type='text'>An update to this entry has been posted here. There is a security hole in the AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user. However, if you use AWStats with another version or with the option AllowToUpdateStatsFromBrowser set to 0, you are safe. See a sample exploit. 
Anyone use </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110739994100537060/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110739994100537060' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110739994100537060'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110739994100537060'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/awstats-security-hole.html' title='Awstats security hole'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110722586794316398</id><published>2005-02-01T21:40:00.000-08:00</published><updated>2005-02-01T21:44:51.216-08:00</updated><title type='text'>What is a CAPTCHA?</title><summary type='text'>CAPTCHA is an acronym for Computer Aided Public Turing test to tell Computers and Humans Apart. You have probably seen a CAPTCHA in action on a website as a colorful image with distorted text inside it. CAPTCHAs are used to prevent automated bots from signing up for various web services like email or for taking part in online polls etc. 
Previously companies like Yahoo realized that online </summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110722586794316398/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110722586794316398' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110722586794316398'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110722586794316398'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/02/what-is-captcha.html' title='What is a CAPTCHA?'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110722542276944310</id><published>2005-01-31T18:33:00.000-08:00</published><updated>2005-01-31T18:37:02.770-08:00</updated><title type='text'>Cryptographic hashes explained</title><summary type='text'>Was doing my usual surfing and bumped into this illustrated explanation of Cryptographic Hashes. Do check it out here. More explanation of Cryptographic hash function here. 
</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110722542276944310/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110722542276944310' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110722542276944310'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110722542276944310'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/01/cryptographic-hashes-explained.html' title='Cryptographic hashes explained'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110645343757091964</id><published>2005-01-22T19:55:00.000-08:00</published><updated>2005-01-22T23:45:43.420-08:00</updated><title type='text'>Temporary email addresses - one solution for spam</title><summary type='text'>Usually, websites require you to provide them with your email address when you sign-up for their services. This email address is then used for sending you a verification link or an activation code. Usually this is not a problem, but some service providers (sites) will sell your email address to spammers. Once you start receiving spam it is almost impossible to get off the spammers list. 
Of course,</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110645343757091964/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110645343757091964' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110645343757091964'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110645343757091964'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/01/temporary-email-addresses-one-solution.html' title='Temporary email addresses - one solution for spam'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8289734.post-110585594251360131</id><published>2005-01-15T21:28:00.000-08:00</published><updated>2005-01-15T22:17:49.973-08:00</updated><title type='text'>Whiteboards near windows</title><summary type='text'>I take the bus to work and have to walk for about 4 blocks to reach the office. While returning yesterday, I happened to look at a whiteboard inside a conference room through a glass window. From what I saw on the board, it was obvious that someone had drawn, very neatly, a diagram detailing how the network was organized for that company. 
Most of the little rectangular blocks on that diagram had</summary><link rel='replies' type='application/atom+xml' href='http://ypjain-simplesecurity.blogspot.com/feeds/110585594251360131/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8289734&amp;postID=110585594251360131' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110585594251360131'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8289734/posts/default/110585594251360131'/><link rel='alternate' type='text/html' href='http://ypjain-simplesecurity.blogspot.com/2005/01/whiteboards-near-windows.html' title='Whiteboards near windows'/><author><name>anand</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry></feed>
