simple security

So your company wont let you install an IM client like Yahoo or MSN, because of security reasons? Well, screw them. Use this web based AJAX flavored IM service called Meebo which works for all the big 4 IM providers - Yahoo, MSN, ICQ, AOL.

I've used it and was impressed. Its pretty slick and quick. Goto their homepage, enter the username/password for any or all of the IM services you use and voila you are signed in. Instantly. It opens up a new window for every conversation you are having. I presume, it might not be too difficult for them to let you open each conversation in a browser tab window. Thats exactly, what I had been asking about a few months ago - a tabbed IM client.

Its kinda trillian married to an AJAX application. Although, it doesnt let you do the fancy stuff thats built into many of the IM clients, it lets you do the basic chat and that should be more than enough.

Suppose you are on a vacation and want to quickly chat with you buddies from one of the cybercafes. This service lets you do that without the need for installing anything.

More and more services are moving to the network. WHats next Photoshop on the network?

Tired of waiting and navigating through menu hell when you call the 1-800 numbers of your favorite company or service? Well, check out this site to find out a way to reach a human operator real fast.

Here are some examples from the site:

Cingular: For faster service, press the option that you are looking to close your account, You get the same ppl but an immediate answer

American Express: Hit zero, pound, three times over (ignore prompts that it's an invalid entry)

Apple: Zero three times; if virtual rep answers, say "operator"

Its almost an year, since I wrote my first post on this blog on security. I have written mostly random stuff on various topics that I felt writing about. Most of my posts have been spontaneous. Some of them have pertained to security, some on hacking, while others on vulnerabilities and general security issues.

Lately, I havent been able to devote the time I want to write this blog. Since a past few weeks, my posts have been sporadic. I have been busy with some of the other things that I have just begun working on. One of those is Mandarin. I have started learning Mandarin.

I am grateful to you folks for regularly visiting my site for my postings. I am NOT shutting this blog down. I still receive tons of searches referrals on this blog from people searching for stuff like "crack Wifi", "how to save mms" etc. I am just setting your expectation, that I might write stuff less frequently here. I will still write an occasional post or two whenever there is something compelling enough.

Thanks to all of you for being my loyal readers. Adios. zaijian (good bye in Mandarin).

ps: I still continue to write my other blog, titled "Notes on Tech".

As you guys know, I had been complaining about the Airlink wireless router a few days ago. Phew, I was able to return it back to Fry's. Now I have installed a Netgear WGR614 router and just for the record, want to say that it rocks! The entire setup took less than 10 minutes. The router had a configuration wizard built into the router itself. It also provided an option to bypass the wizard entirely. This is a great convenience to power users like myself.

I've turned on the WPA encryption and now enjoying superior security with better speed.

This is how a product, specially an appliance, should be made. Easy to install, easy to use. It works right the first time.

MSDN Magazine describes SQL Injection as:

The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.

So why am I writing about SQL injection today? Well, I ran into a prominent yellow pages site yesterday and happened to notice that the way they construct their URL's, they are inviting hackers to come in and perform SQL injection attacks. Here is their URL (no, I am not telling you what site it was on, but if you really want to know then nothing can stop you):

http://someyellowpagesite/cgi-bin/p_yellowpages.cgi?id=3&SQLQuery=SELECT%20LISTING.NAME,
LISTING.ADDRESS,LISTING.PHONE,LISTING.CONTACT,LISTING.EMAIL%20FROM%20LISTING%20WHERE%20
LISTING.BCCODE=%2248280%22%20ORDER%20BY%20LISTING.NAME&StartRec=21&EndRec=40&TotalRec=2527&
SearchName=0&SearchDir=0&SearchClass=1

Notice, how they embed the the entire SQL query right there in the URL itself. What do you think happens, if you change a parameter or two in the SQL query? Heck, what would happen if you remove that query and instead put something in which drops the RDBMS table altogether? hehe.. the possibilities are limited to your imagination.

The damage done by SQL Injection attacks depends largely on the target environment and configurations. It can be used to cause Denial of Service attacks, by having a query do superfluous tasks. It can be used to open up a port on the server, which can then lead to getting access to that box itself. It can also be used to cause corrupt the data on the backend. Endless possibilities.

So fellas, whenever you write applications, always sanitize and check the input passed in from the user. Never ever, take SQL queries or commands from the web-tier.

# posted by anand : 9:27 AM  0 comments

Just got an idea.. If there existed a mobile Pocket PC device that was WiFi capable, then you could make free phone calls to pretty much anyone in the world.

The other person would have to have Skype installed on his/her device or PC as well. You would have to install the Pocket PC version of Skype on your device and then could use it to make free phone calls to other Skype users, on their mobile devices or PC's. You would have to get an unlimited data plan from your carrier and reduce your monthly voice plan to a bare minimum. Once you have the unlimited data plan, there are no per call charges anymore. You just pay a flat fees, whether you make phone calls or not.

It could revolutionize the way the telecom industry works. But the question is, will the carriers allow the device manufacturers like HP etc to add WiFi capabilities to the mobile devices?

I like the idea, what about you?

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Get your copy today.

Topics that they cover in issue# 1.3 are:

• Security vulnerabilities, exploits and patches
• PDA attacks: palm sized devices - PC sized threats
• Adding service signatures to Nmap
• CSO and CISO - perception vs. reality in the security kingdom
• Unified threat management: IT security's silver bullet?
• The reality of SQL injection
• 12 months of progress for the Microsoft Security Response Centre
• Interview with Michal Zalewski, security researcher
• OpenSSH for Macintosh
• Method for forensic validation of backup tapes

I was cleaning up my computer and found a list on application level vulnerabilities and things that you need to consider when testing your application for security, that I had authored a couple years ago. It seems the items mentioned in the list are still relevant today and so I am publishing it on my blog. Here it is:

• Hidden form field manipulation
• Parameter tampering (Eg. invalid session id or an incremental user id)
• Bypassing client side input validation (turning off javascript on the browser)
  
• Developer defined application backdoors and debug options
• Cookie poisoning
• Cross site scripting and Session hijacking
• Buffer overflow
• Published known vulnerabilities for the components involved in the web application (For example if your application uses embedded software and a vulnerability is published for that embedded piece, then your application is vulnerable too)
• Sample applications or pages and known application paths (Eg. /logs or /admin)
• Examination of application-to-application interaction such as between your application and various other servers
• Brute force password attack, password guessing and password sniffing. Also of importance is the error message. The error message should only state a generic message, instead of giving out specific messages. This is bad user experience, but a better from the security standpoint.
  
• How well does the application handle client session cancellation and expiry
• Use of HTTP methods to send data over to the server. (GET requests become part of URL and are normally stored in the browse's history)

Pay careful attention to the above list while designing, coding and testing your application. A seemingly innocuous thing can have important security implications in the future.

So I bought a couple of 200 GB hard drives (these are so cheap these days. You can buy a 200 GB hard disk for around $70) and was on the look out for a network storage solution. Found the NSLU2 to be a good candidate, both for network storage as well as to hack it to install custom linux and make it work as a web server. So basically you plug this directly into your ethernet port and voila, storage is available to anyone who has access to that network. You can access this from your desktop, laptop or even your PDA if it has wifi, or some networking option. This is the cheapest way to add network storage solution to your home.

I guess, I am a little late to the NSLU party, going on here and here, but it will be fun nonetheless.

Just cannot wait for it to get delivered. Havent hacked up a device since a long time now !!!!

Turnitin.com is a plagiarism detector. Its a site used by educators and instructors to detect plagiarism in student papers. Turnitin visits sites for content and then matches up the content with student submissions to detect whether the submission was original or "inspired" from online sources.

According to Plagiarism.org

Plagiarism has never been easier than it is today. Before the Internet, cheating was labor-intensive and obvious. Potential plagiarists had to find appropriate works from a limited pool of resources, usually a nearby library, and copy them by hand. Since these resources were almost always professionally written, the risk of detection was very high.

The Internet now makes it easy to find thousands of relevant sources in seconds, and in the space of a short time plagiarists can find, copy, and paste together a term paper, article, or even a book. Because the material online is produced by writers of varying levels of quality and professionalism, it is often difficult or impossible for educators and editors to identify plagiarism.

So sites like Turnitin help detect IP (intellectual property) theft by detecting plagiarised material.