How do buffer-overflow attacks work?

Just now I listened to a broadcast by an MIT guy on malware threats, and I encountered an attack technique known as the Buffer Overflow Attack. I had heard about this attack before, but to learn how it works I did some research. I am posting what I understood, and perhaps you will like it.

Buffer overflow is one of the most common attack techniques used by hackers. Most importantly, it is often undetectable, and on top of that, most home-built programs and code are vulnerable to such threats. I can guarantee that all the code you have written since school and all the applications you have built to date are vulnerable to buffer overflow attacks. Code written in unsafe languages such as C++ is more prone to such threats. In fact, these days buffer overflows are a favorite exploit for hackers. You will be surprised to know that the vast majority of the patches that Microsoft releases in its updates actually fix unchecked buffer problems. However, applications developed in-house are just as susceptible to buffer-overflow attacks as commercial applications. And this is the only reason why freeware is not accepted as standard software in IT firms.

A buffer overflow takes advantage of a program that is waiting on a user’s input. Buffer overflow attacks can be of two types: stack based and heap based. The heap is simply a free pool of memory used by compilers to dynamically allocate memory to a running program. A heap-based attack floods the memory space reserved for a program; however, this attack is rare due to the complexity involved. On the other hand, a stack-based buffer overflow is much easier and is used far more often.

I could explain this to you in my own words, but it would be better to quote from a technical article published at SearchWindowsSecurity.com, so that you get an unaltered version. The article goes like this:

“In a stack-based buffer overrun, the program being exploited uses a memory object known as a stack to store user input. Normally, the stack is empty until the program requires user input. At that point, the program writes a return memory address to the stack and then the user’s input is placed on top of it. When the stack is processed, the user’s input gets sent to the return address specified by the program.

However, a stack does not have an infinite potential size. The programmer who develops the code must reserve a specific amount of space for the stack. If the user’s input is longer than the amount of space reserved for it within the stack, then the stack will overflow. This in itself isn’t a huge problem, but it becomes a huge security hole when combined with malicious input.

Yet overflowing the buffer with an executable command doesn’t mean that the command will be executed. The attacker must then specify a return address that points to the malicious command. The program partially crashes because the stack overflowed. It then tries to recover by going to the return address, but the return address has been changed to point to the command specified by the hacker. Of course this means that the hacker must know the address where the malicious command will reside. To get around needing the actual address, the malicious command is often padded on both sides by NOP instructions, a type of pointer. Padding on both sides is a technique used when the exact memory range is unknown. Therefore, if the address the hacker specifies falls anywhere within the padding, the malicious command will be executed.

The last part of the equation is the executable program’s permissions. As you know, most modern operating systems have some sort of mechanism to control the access level of the user who’s currently logged on and executable programs typically require a higher level of permissions. These programs therefore run either in kernel mode or with permissions inherited from a service account. When a stack-overflow attack runs the command found at the new return address, the program thinks it is still running. This means that the command prompt window that has been opened is running with the same set of permissions as the application that was compromised. Generally speaking, this often means that the attacker will gain full control of the operating system.”
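To make the mechanism the quoted article describes concrete, here is an added example (mine, not code from this post or from SearchWindowsSecurity.com): a toy stack frame modelled in a plain byte array, with a 16-byte input buffer followed directly by an 8-byte saved return address, so the effect of an unchecked copy versus a bounds-checked one can be observed without relying on undefined behaviour. The buffer size, the frame layout and the constructed 24-byte input are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BUF_SIZE 16                         /* space the programmer reserved for input */
#define FRAME_SIZE (BUF_SIZE + 8)           /* buffer + 8-byte saved return address */

/* Lay out a toy frame (assumed layout): zeroed buffer, then the saved return address. */
static void frame_init(unsigned char *frame, uint64_t ret_addr) {
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + BUF_SIZE, &ret_addr, sizeof ret_addr);
}

/* Read back whatever currently sits in the return-address slot. */
static uint64_t frame_ret_addr(const unsigned char *frame) {
    uint64_t v;
    memcpy(&v, frame + BUF_SIZE, sizeof v);
    return v;
}

/* Vulnerable pattern: copies the caller's full length into a BUF_SIZE buffer, the way
 * strcpy()/gets() would, so input longer than BUF_SIZE spills into the return slot.
 * (Clamped to FRAME_SIZE only so the model itself never leaves its own array.) */
static size_t copy_unchecked(unsigned char *frame, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(frame, in, len);
    return len;
}

/* Hardened pattern: refuse any input that does not fit the reserved space. */
static int copy_checked(unsigned char *frame, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) return -1;          /* would overflow: reject it */
    memcpy(frame, in, len);
    return 0;
}

int main(void) {
    unsigned char frame[FRAME_SIZE], input[24];   /* constructed input: 24 bytes of 'A' */
    memset(input, 'A', sizeof input);
    frame_init(frame, 0x1234ULL);
    copy_unchecked(frame, input, sizeof input);
    printf("unchecked copy: return slot is now 0x%llx\n",
           (unsigned long long)frame_ret_addr(frame));
    frame_init(frame, 0x1234ULL);
    int rc = copy_checked(frame, input, sizeof input);
    printf("checked copy: rc=%d, return slot still 0x%llx\n", rc,
           (unsigned long long)frame_ret_addr(frame));
    return 0;
}
```

After the unchecked copy the return slot holds 0x4141414141414141, i.e. eight of the attacker-controlled 'A' bytes, which is exactly the overwrite the article describes; the checked copy rejects the input and leaves the slot at 0x1234.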

I hope you liked this article from SearchWindowsSecurity.com. Please post your comments, any other security issues you have encountered, or solutions that you think are applicable. If you want to know how you can prevent buffer-overflow attacks, then follow the link associated.


Google Search Tips and Tricks – From Binscorner.com

Do you know why searching on Google is different from searching for something on other search engines? No, I am not talking about the search speed or the efficient algorithm used to index or search for the given string or sentence in the text box. Rather, I am talking about the innovation Google has brought to searching. Google has made its search engine customizable from the user’s end too. If you know some logical operators or have some scripting knowledge, then you can use it while googling too. But even if a computer is no more than an idiot box for you, you can still use these tricks and customize your search for more precise results. These tricks are not new; I read about all of them a long time ago. Recently I read them once again while surfing Binscorner.com for funny emails and forwards. I am pasting the contents from there. You can also follow the link to read it on Binscorner.com.

Tip Number One:
You need to think about what it is you really want. If you are looking for a comparative review of wireless telephones, you will probably get more results from a list of names such as SmartPhone, Audiovox, Motorola, and so on, than the words “comparative review of wireless phones”.

Tip Number Two:
Use Quotation marks to force finding a specific phrase. When you surround your phrase with quotation marks, the search engine will only return results exactly matching the entire phrase. This is an extremely powerful search technique, and yet it is not used by the majority of web searchers. If you search on the two words George and Washington, you will get over 8 million results. If you put quotation marks around the entire name, your results will be restricted to about 3 million. And if your search is on “George Washington” “Cherry Tree”, you will only get about 12,600 results. You get the picture. This is especially important if your search contains what are called “stop words” – words that Google is designed to ignore, such as “and” “of” and “the”. By including these inside your quoted phrase, you will get more targeted search results.

Tip Number Three:
Use the Plus (+) and Minus (-) Signs. The plus sign just before a search term means “This MUST be found in the search”. Conversely, if you find a lot of search results that include a specific product, word, phrase, or item that you do not want to see, you can put a minus sign before that word or phrase, and those results will be excluded from your search.

Tip Number Four:
Use the Asterisk (*) As a WildCard search term. Yes, you can insert an asterisk in your search phrase and it will act as a wild card matching any word in that place in the phrase. Not only that, but you can insert more than one asterisk in place of more than one word in your search phrase, up to the limit of ten search words – and the wild card markers are not counted toward this ten word limit.

Tip Number Five:
Use the site: command. If you are interested in finding examples of the term XMLHttp, but only on eggheadcafe.com, then you can create a search like this: site:eggheadcafe.com XMLHTTP. This will restrict your search to only pages belonging to that web site. You will notice that in regular Google searches, if there are more than two results from that site, the second result will be indented and there will be a link “More results from …” – this automatically uses the site: qualifier. Also, you can search or exclude whole domains. For example, you can search for tampopo dvd site:co.uk or tampopo dvd -site:com (Tampopo is a wonderful Japanese noodle western spoof by director Juzo Itami that is sure to be enjoyed by Americans. If you really want to get educated IMHO, try to avoid watching films out of Hollywood, as they generally stink).

Tip Number Six:
Use the operators. Besides the site: command, Google understands a range of operators that include filetype: (eg doc, xls, or pdf), intext: and allintext:, intitle: and allintitle:, inurl: and allinurl:, author: (in Google Groups) and location: (in Google News). Google also understands a logical OR, provided it is upper case. This means you can search for a bar in Orlando OR Miami for example. It is useful when targets of searches have alternative or variable spellings: outsourcing bombay OR mumbai. The OR command can be shortened to a vertical bar (|), as in outsourcing bombay | mumbai. Another way of adding alternatives is to use a tilde character (~). Thus if you search for ~food, Google also searches for cooking, cuisine, nutrition, recipes and restaurants.

Tip Number Seven:
Use the Advanced Search Page. Fortunately, you don’t need to memorize all of the above tricks, since they are conveniently offered to you in various combinations in the Advanced Search option which is always available from the main Google search page.

Tip Number Eight:
Use Google Groups. Google has the most complete archive of usenet and other news posts going back over 20 years. By simply switching tabs from Web to Groups, your search term(s) will be repeated on the Groups archives.

Tip Number Nine:
Use new advanced search features. Google has a number of new features including Google Local, Google News (news items from newspapers and other publications around the globe), Froogle – which searches for the best prices on products, and the Dictionary – to get the spelling and / or definition of a word. One of the latest new offerings as of this writing in October, 2004, is a mobile SMS search that allows you to send an SMS message to Google with your search terms for a restaurant and zipcode, somebody’s name and address, or whatever, and get back the results to your cellphone in seconds.

Here’s a table with a listing of links to some of the Google advanced search features:

• Cached Links – View a snapshot of each page as it looked when we indexed it.
• Calculator – Use Google to evaluate mathematical expressions.
• Definitions – Use Google to get glossary definitions gathered from various online sources.
• File Types – Search for non-HTML file formats including PDF documents and others.
• Froogle – To find a product for sale online, use Froogle, Google’s product search service.
• I’m Feeling Lucky – Bypass our results and go to the first web page returned for your query.
• Local Search (New!) – Search for local businesses and services in the U.S. and Canada.
• News Headlines – Enhances your search results with the latest related news stories.
• PhoneBook – Look up U.S. street address and phone number information.
• Search By Number – Use Google to access package tracking information, US patents, and a variety of online databases.
• Similar Pages – Display pages that are related to a particular result.
• Site Search – Restrict your search to a specific site.
• Spell Checker – Offers alternative spelling for queries.
• Stock Quotes – Use Google to get stock and mutual fund information.
• Street Maps – Use Google to find U.S. street maps.
• Travel Information – Check the status of an airline flight in the U.S. or view airport delays and weather conditions.
• Web Page Translation – Provides English speakers access to a variety of non-English web pages.
• Who Links To You? – Find all the pages that point to a specific URL.

Tip Number Ten:
Use the Google API. Google has an API with a WSDL webservices proxy class generator for developers that allows you to incorporate the power of Google search into your own applications. It’s free, and all you need to do is download the SDK and request a free license key. Now that I think of it, Amazon also has a very fine API that now includes the Alexa search engine which provides some very useful statistical information about URLs and web crawler searches from the Alexa engine, so Google “ain’t the only game in town”.


Google threatens to withdraw from China.

Google has openly said that it could withdraw from China if needed. This statement came after Google found some involvement of the Chinese government behind the hacking of the Gmail accounts of some social activists. Google was already annoyed by the censorship imposed by the Chinese government on search results in China. You might not get any search results for Tibet or Dalai Lama or Tank Man. However, after this statement many disputed results are available in search results on Google China. Due to various regional pressures, Google search results have been different for different regions. A common example: if you search for the Indian state Arunachal Pradesh on Google Maps in China, it is shown as part of the Republic of China. The same search shows Arunachal Pradesh as Indian territory on Google India. And the most irritating as well as hilarious thing is that Google in the United States shows Arunachal Pradesh as a disputed territory. I was amazed by these biased search results.

Recently India condemned Google for showing Arunachal Pradesh as Chinese territory and warned that it would take action against the firm.

Google withdrawing from China seems completely impossible, as China is a big market for internet users and internet advertising as well. Nor can China afford to lose Google, as that could render many people in China unemployed and hamper Chinese interests as well. China has assured that it will take care of foreign companies investing in the country.


‘3 Idiots’ to be available for free download

Cyber laws are getting stiffer and stiffer. In the US and other developed countries cyber laws are very strict, and those found guilty have to pay hefty fines along with imprisonment. Even in fast-growing nations like India, cyber laws are tightening up. However, cyber laws in India are not so robust yet. Piracy is one of the offspring of cyber crime. You can download almost all the movies released anywhere in the world from the internet. Even American movies can be downloaded online. Usually cyber criminals take advantage of the weak cyber laws in many countries, which puts them out of the reach of those nations that have strict cyber laws. 99.99% of websites offering free or paid downloads of audio, video songs or movies are either breaking copyright policies or contributing to piracy. Peer-to-peer software such as BitTorrent, uTorrent etc. is very commonly used for downloading movies or any other copyrighted data. But how would you feel if the producer of a movie declared that his movie will be available on the internet for free download? Shocked!!

Even I was shocked, but it is true. The much-talked-about upcoming Bollywood movie 3 Idiots by producer Vidhu Vinod Chopra is going to be released tomorrow, i.e. 25th December, 2009. Speaking to reporters, the producer announced that internet users can download his movie through YouTube 2-3 months after release, so that it does not ruin the theater and multiplex business. 3 Idiots is releasing tomorrow on 1,766 screens worldwide, out of which 366 are in 32 countries. This is the largest international release for a Bollywood movie. Aamir Khan, the actor, has been on his toes, wandering all over the country promoting his new movie. The movie is based on the best-selling novel ‘Five Point Someone’ by Chetan Bhagat. The decision to distribute the film for free online is the first-ever decision of its kind. The decision has been taken to curb the ghost of piracy.
