Tuesday, August 29, 2017

Things to register for once you reach US

Transportation:

Zipcar:
UBER:
LYFT:


Utilities:

Electricity:

Frontier Utilities: Up to 20% discount on your first electricity bill


Monday, October 19, 2015

Using Gmail Offline

GMail introduced a new feature recently, that is browsing mails offline.

Today we are going to see how to do that.

First you need to install Google Gears, you can download the online installer from here
http://gears.google.com/

Run the online installer and it will install Google Gears on your system.

Now open your GMail and navigate to the settings and then to the Labs tab, there you will find a feature called offline, Enable that.

Thats it you are almost done, just a few clicks away. It will ask your permission to install offline access for GMail, click next.Then you get a Google Gears security warning, allow it.Click ok in the next window and you are done.It will download all your mails to your hard drive for offline browsing. You can see the status in the status window.

Have fun browsing gamil offline.

Saturday, November 29, 2014

Input Validation Attacks

  Input Validation Attacks :-

Input Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.
The most common input validation attacks are as follows-

1) Buffer Overflow :- Buffer overflow attacks are enabled due to sloppy programming or mismanagement of memory by the application developers. Buffer overflow may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It may possible that an overflow may exist in language’s (php, java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo –e “GET /login.php?user=\
> `perl –e ‘print “a” x 500’`\nHTTP/1.0\n\n” | \
nc –vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.

2) Canonicalization :- These attacks target pages that use template files or otherwise reference alternate files on the web server. The basic form of this attack is to move outside of the web document root in order to access system files, i.e., “../../../../../../../../../boot.ini”. This type of functionality is evident from the URL and is not limited to any one programming language or web server. If the application does not limit the types of files that it is supposed to view, then files outside of the web document root are targeted, something like following-
/menu.asp?dimlDisplayer=menu.asp
/webacc?User.asp=login.htt
/SWEditServlet?station_path=Z&publication_id=2043&template=login.tem
/Getfile.asp?/scripts/Client/login.js
/includes/printable.asp?Link=customers/overview.htm

3) Cross-site Scripting (XSS) :- Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users see it. Target fields in forms can be addresses, bulletin board comments, etc.
We have found that error pages are often subject to XSS attacks. For example, the URL for a normal application error looks like this:
http://website/inc/errors.asp?Error=Invalid%20password
This displays a custom access denied page that says, “Invalid password”. Seeing a string
on the URL reflected in the page contents is a great indicator of an XSS vulnerability. The attack would be created as:
http://website/inc/errors.asp?Error=<script%20src=...
That is, place the script tags on the URL.

4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as an input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are specially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
example:- http://www.domain.com/index.asp?querystring=sports' or 1=1--

Linux Security

1) Firewalls are your guardian angels.

First of all, keep a software firewall active on your system, and restrict access to ports that allow remote access into your system, a good idea is to allow only a few select hosts access to ports used by services such as ssh (port 22) or telnet (port 23). Keeping a firewall in place ensures that you alone dictate who gets to access remote services on your computer and who doesn’t. To set up a firewall in linux, you can use the iptables program which comes standard with most linux distributions. However, iptables is quite difficult and complicated to set up correctly, and you will need to spend some time fiddling with the command line, but it is very flexible and powerful once configured correctly.

If messing about with iptables dosen’t appeal to you, there are frontends to iptables that you can use to set up effective firewalls. One such frontend is ufw (uncomplicated firewall) this program comes standard on ubuntu and is quite simple to set up, to use it you first have to enable it by typing in ’sudo enable ufw’ in the terminal, once the ufw service is active, adding rules is as simple as ’sudo allow 22/tcp’ > this statement allows all tcp traffic on port 22, swap allow for deny and you have the ssh service blocked, Its that simple, much easier than mucking about with iptables.

Of course, there are many people who do not like the idea of using command-line programs and like all their apps to be graphical. If you prefer a GUI configured firewall, then firestarter is the choice for you. Firestarter is a breeze to use, and has good documentation available on the firestarter website.
2) Passwords are for your protection, choose them well

Choose good user passwords, especially for root. One way to choose a secure password is to take a sentence, reduce it to an acronym and then replace some letters of the acronym with symbols and add some numbers to it. this mixing of alphabets, numbers and symbols, along with its long length will be a strong password.

Never use actual words that have meaning as passwords. These types of passwords are weak and can be cracked using dictionary attacks. Also along those lines: Never use words that hold personal significance with you.. i.e don’t use passwords that people who know you will be inclined to think that you would use, like a favorite pet’s name.. etc.

And for god’s sake, don’t use the word ‘password’ as a password…. ( don’t laugh… thats one of the most common passwords .. )
3) Use antivirus

Yeaps you read right.. antivirus. Antivirus on linux you say? Yes, linux has antivirus suites as well , but this is more for cleaning off your thumbdrives that you may have used in an infected windows machine than for killing linux viruses, as the system of user permissions for executing files makes linux a very inhospitable place for computer viruses to live. clamAV is a good antivirus choice, with a GUI version available for most major distros.
4) Be careful what scripts you get off the net

Getting bash scripts off the net is convenient, but be careful what scripts you run on your system, and make sure you check them out first. If you suspect that a script you got has some nasty intentions behind it, but you do not have the expertise in bash scripting to be sure, post the script in text form on linux support forums and the community will help you out. Unfortunatly, there are idiots out there who write destructive shell scripts and release them into the wilds of the internet, in this case intuition is your best defence.
5) Encrypt sensitive data that you may have.

The concept behind encryption is relatively simple, make the data to be encrypted unreadable to anybody besides authorised users.
My favourite program for encrypting data on linux AND windows would have to be truecrypt. Truecrypt works by creating a virtual volume which you can then set a passphrase or security key to. When you mount the virtual volume, you can then add files to it, which will be totally encrypted and unviewable once unmounted. The only way to mount the drive is to supply the passphrase or key.
6)Keep your BIOS set to boot from your harddrive and then add a password to your bios.

This is to keep people from booting off from live CDs and cracking your password from them. Although it is relatively easy to reset the BIOS password, this should be at least a minor detterance to those who may try this cracking method.

Well, there you go.. hopefully you wil use these tips and make your system a safer box to work on.

Shutdown Command Via Command Prompt

Shutdown Command Via Command Prompt :-

The 'Shutdown' Command Becomes More Flexible and Automated when used from the Command Prompt.

To Run the 'Shutdown' command from the command prompt, go to 'Start > Run', type 'cmd', and press 'Enter'.
In the black box (the command prompt) type 'Shutdown' and the Switches you want to use with the 'Shutdown' command.
You have to use at least one switch for the shutdown command to work.

The Switches :-
The 'Shutdown' command has a few options called Switches. You can always see them by typing 'shutdown -?' in the command prompt if you forget any of them.

-i: Display GUI interface, must be the first option
-l: Log off (cannot be used with -m option)
-s: Shutdown the computer
-r: Shutdown and restart the computer
-a: Abort a system shutdown
-m \\computername: Remote computer to shutdown/restart/abort
-t xx: Set timeout for shutdown to xx seconds
-c “comment”: Shutdown comment (maximum of 127 characters)
-f: Forces running applications to close without warning
-d [u][p]:xx:yy: The reason code for the shutdown u is the user code p is a planned shutdown code xx is the major reason code (positive integer less than 256) yy is the minor reason code (positive integer less than 65536)

Note :- I’ve noticed using a switch with a '-' sign doesn’t work sometimes.
If you are having trouble try using a '/' in place of '-' in your switches.

Examples :-
shutdown –m \\computername –r –f
This command will restart the computer named computername and force any programs that might still be running to stop.

shutdown –m \\computername –r –f –c “I’m restarting your computer. Please save your work now.” –t 120
This command will restart the computer named computername, force any programs that might still be running to stop, give to user on that computer a message, and countdown 120 seconds before it restarts.

shutdown –m \\computername –a
This command will abort a previous shutdown command that is in progress.

Using A Batch File :-
You can create a file that performs the shutdown command on many computers at one time.

In this example I’m going to create a batch file that will use the shutdown command to shut down 3 computers on my home network before I go to bed.

Open 'Notepad' and type the shutdown command to shut down a computer for each computer on the network.
Make sure each shutdown command is on its own line.
An example of what should be typed in notepad is given below-

shutdown –m \\computer1 –s
shutdown –m \\computer2 –s
shutdown –m \\computer3 -s

Now I’ll save it as a batch file by going to file, save as, change save as type to all files, give the file a name ending with '.bat'. I named mine 'shutdown.bat'.
Pick the location to save the batch file in and save it.

When you run the batch file it’ll shutdown computer 1, 2, and 3 for you.

You can use any combination of shutdown commands in a batch file.

Reveal *****(Asterisk) Passwords Using Javascript


-: Reveal *****(Asterisk) Passwords Using Javascript :-

Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.

javascript: alert(document.getElementById('Passwd').value);


4) As soon as you press 'Enter', A window pops up showing Password typed by you..!


Note :- This trick may not be working with firefox.

Reveal Passwords Using Javascript

Hide Entire Drives Partition Without Registry

Here is a cool technique which hides entire hard disk drives by a simple procedure.
This is the best security tip to be employ against unauthorised users.

1) Go to Start > Run > type "diskpart".
A DOS window will appear with following description.

DISKPART>

2) Then type "list volume"
The result will look something like one as shown below-
http://www.insecure.in/images/hide_drive.gif

3) Suppose you want to hide drive E then type "select volume 3"
Then a message will appear in same window { Volume 3 is the selected volume}

4) Now type "remove letter E"
Now a message will come { Diskpart Removed the Drive letter }

sometime it requires to reboot the computer.
Diskpart will remove the letter.

Windows XP is not having capabilty to identify the unknown volume.
Your Data is now safe from unauthorised users.

To access the content of hidden Drive repeat the process mentioned above. But in 4th step replace " remove" by "assign".
It means type "assign letter E".