2009 saw lot of new, useful and innovative products that resulted out of simple human dreams. The creators saw what the present [and the future] generation needed the most and put their ideas on the design table. We saw the release of several OSes by computing giants this year. Includes Windows 7, Google Chrome OS and Mac Snow Leopard. I am not including Ubuntu 9.10, because I believe that the October 2010 release  of Ubuntu shall defy all standards.

Because Google has been foraying into several new fields and many of my friends are Google fanatics, they asked me if it is OK to switch to Google Chrome OS.

My answer, “It ain’t the time”.

What the cloud has to offer as is software and even hardware as a service and over the internet. It offers to provide software and hardware as a pay by use model rather than permanently investing on it.

Yes, for people in countries like India it is not the right time to move onto Google Chrome OS. The most important reason for this belief of mine is the fact that Chrome OS is dependent on the cloud.

Cloud computing is the new talk of the town. Everyone wants to know about it and wants to use it.

Google Trends for "Cloud Computing"

See how people have searched for cloud computing on google? It started somewhere around October 2007, and kept rising with occasional peaks and falls. But I can observe a fall by the end of 2009. We will have to wait and see if the term continues to generate interest in 2010. Also, the largest number of searches were from India, especially from Bangalore [source: Google Trends]

From what I have understood, Chrome stores your data on the cloud. Your computers hard disk, stores the Operating System alone. Every other thing from software to storage space is provided over the internet. (Google Services cater to the softwares of the cloud and your data will be stored in your Google Account Space).

Though the term generated so much of interest in India, yet it is dependent on Internet speeds in India to become a feasible facility in Indian households. Till then we will have to buy our own Hardware, and Software (if you aren’t exactly an open source fan).

So we will have to wait for internet speeds to catch up for Google Chrome OS to become a plausible replacement. Even then the existing drawbacks of Cloud Computing (later on this), might just leave people with the option to use non cloud Operating Systems.

Technorati Tags: 2010, chrome, cloud, google, os, trends

Early in the morning news came out, that a new group called the Anti-Sec (meaning Anti Security) and cracked into ImageShack. I came to know of it from Mashable Website.

I don’t know who these guys are. But what they say makes some meanings. I used to believe that Windows Viruses were released by AntiVirus Companies, so that we buy their products. By without full disclosure, the consequences may be several.

They claim that

“if you own a security blog, an exploit publication website or you distribute any exploits you are a target and you will be r(e)m(ove)’d. Only a matter of time”.

Maybe it’s nightmare time for Security Firms, who sell security products.

I found that someone had posted on Indiblogger that, his blog had been hacked by Anti Sec. I was shocked at first to know that it was a “blogspot” hosted blog. I trusted Google because of their security features and Anti Sec surpassed them?

Well, a quick check of the blog’s source code, revealed that the blogger account had never been compromised.

The problem was solved and the blogger is now a happy man.

The actual problem was caused by a widget called “Floating Back to Top Icon Widget”. It used an “arrow” image from ImageShack. Anti Sec fellows replace that “arrow” with the above image and it trickled down to the various blogspot hosted blogs that use that widget.

It consumes, half of the blog (I will try to get some images).

The solution was simple. Remove that Widget and the Image will go away.

Technorati Tags: antisec, blogger, blogspot, hacked, image

This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot.

Once again check the source code. The script mails the password to the email id mentioned. First try to find out to which email id the script sends the password. It’s all there in the source code.

<form action=”/missions/basic/4/level4.php” method=”post“>

<input type=”hidden” name=”to” value=”webmaster@hulla-balloo.com” /><input type=”submit” value=”Send password to Sam” /></form></center><br /><br /><center><b>Password:</b><br />
<form action=”/missions/basic/4/index.php” method=”post“>
<input type=”password” name=”password” /><br /><br /><input type=”submit” value=”submit” /></form>

No we are not going to hack that email id. Instead we will tweak this web page, so that the script works in the way we want it to. Save a copy of the source code on your computer. Open it in your favorite HTML editor. Change the email id to an email id you have access to.

Save the file as HTML, and open it in your browser. Press the button to send the password to your email id. Well, you must have cracked it by now.

What (I think) You Learnt

It is easy to change the source code and gain access to sensitive information. Using the hidden value for hiding sensitive information in HTML code is never a very good idea. Use it elsewhere.

Technorati Tags: games, Hacks, hackthissite, internet, Web

Basic Level 3: Deeper Problems

This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

Now, the password file is there. The deeper problem is that the source code exposes where the password file is stored.

<form action=”/missions/basic/3/index.php“method=”post“> <input type=”hidden“ name=”file“ value=”password.php” /><input type=”password“ name=”password” /><br /><br /><input type=”submit“ value=”submit” /></form>

Can you see the password file where the password is stored. Access the file through your browser, by typing out the address in your browser navigation bar. And if you are still wondering about the path of the file, then I suggest you read about absolute and relative URLs.

Here we don’t have an absolute URL, we have a relative URL.

What You Learnt

It is dangerous to save passwords in HTML files. Though PHP code in PHP files are not displayed in the source code, yet storing passwords in PHP files doesn’t eliminate the dangers completely. In this mission, the password was simply in the PHP file and not in any code.

Don’t make this error while designing your password validating PHP files!

Technorati Tags: games, Hacks, hackthissite, internet, Web

Basic Level 2: Where is the Password?

Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file…

A password protection script compares the password the user enters to the password from an unencrypted text file. But, the password file has not been uploaded. No password file, means no password.

Might sound funny, but sometimes it happens. The file isn’t available. Which means there is no password to compare to. The password could be <null>.

What You Learnt

This was kind of a rough try. Thanks to the hint given, you found what the password was. But you might not have this hint always. So if you have unlimited attempts, then try out the null password test. You might just be lucky!

Technorati Tags: games, Hacks, hackthissite, internet, Web